Microsoft exposes Kremlin hackers who targeted foreign embassies in Moscow

Ivan Diakonov Friday, 1 August 2025, 04:59

A Russian hacking group known as Secret Blizzard, which is directly linked to Russia’s Federal Security Service (FSB), has used a state surveillance system to conduct cyberespionage operations against foreign embassies in Moscow.

Source: Microsoft Threat Intelligence report, 31 July 2025

Details: Microsoft revealed that Secret Blizzard (also known as Turla) launched a large-scale cyberespionage campaign targeting foreign diplomatic missions operating in Moscow. The hackers gained access to Russian internet providers and used their infrastructure to intercept internet traffic from embassies.

Experts found that the attacks employed adversary-in-the-middle (AiTM) techniques, which allow an attacker to insert themselves between the user and the server to intercept data.

During the attacks, hackers deployed malicious software called ApolloShadow on diplomatic devices. This malware enabled a technique known as HTTPS downgrading (TLS/SSL stripping), effectively converting encrypted traffic into unencrypted data, allowing hackers to steal logins, passwords, authentication tokens and other sensitive information.

Additionally, ApolloShadow installed a trusted root certificate from Kaspersky Lab on users' devices. As a result, the compromised systems accepted connections from fake or infected sites as secure, allowing the hackers to maintain long-term control over diplomats' devices.
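
A defender-side check for the root-certificate technique described above, as an added example that is not from the article or the Microsoft report: it diffs an exported trust-store bundle against a known-good baseline by SHA-256 fingerprint. The function names and the sample bundles (placeholder bytes, not real certificates) are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches each PEM certificate block in an exported trust-store bundle.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

def root_fingerprints(pem_bundle):
    """Return (set of SHA-256 hex fingerprints, count of undecodable blocks)."""
    prints, malformed = set(), 0
    for body in PEM_BLOCK.findall(pem_bundle):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            malformed += 1  # count corrupt blocks so the audit can flag them
            continue
        prints.add(hashlib.sha256(der).hexdigest())
    return prints, malformed

def audit_root_store(baseline_pem, current_pem):
    """Compare the current trust store with a known-good baseline export."""
    baseline, _ = root_fingerprints(baseline_pem)
    current, malformed = root_fingerprints(current_pem)
    return {
        "added": sorted(current - baseline),    # roots nobody approved
        "removed": sorted(baseline - current),  # expected roots now missing
        "malformed": malformed,
    }

def pem_wrap(der):
    """Wrap raw bytes in PEM armour (used only to build the sample data)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

# Constructed stand-ins for DER certificates: placeholder bytes, not real certs.
ROOT_A = b"constructed-root-A"
ROOT_B = b"constructed-root-B"
UNEXPECTED = b"constructed-unexpected-root"
BASELINE_BUNDLE = pem_wrap(ROOT_A) + pem_wrap(ROOT_B)
CURRENT_BUNDLE = pem_wrap(ROOT_A) + pem_wrap(UNEXPECTED) + pem_wrap(ROOT_B)

if __name__ == "__main__":
    print(audit_root_store(BASELINE_BUNDLE, CURRENT_BUNDLE))
```

Any fingerprint reported under "added" is a root that was not in the approved baseline and should be traced to a documented change before it is left in place.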

Experts believe that the key enabler of this large-scale cyberattack was Russia’s System for Operative Investigative Activities (SORM), a state-run infrastructure that permits security agencies to intercept internet traffic in real time.

For reference: Secret Blizzard has been identified by the US Cybersecurity and Infrastructure Security Agency (CISA) as a subdivision of Centre 16 of the FSB. It is considered one of the world’s leading state-sponsored hacking units and is routinely used by the Russian government in cyberwarfare and influence campaigns.

Background: 

  • The Secret Blizzard group has previously targeted foreign ministries, particularly in Eastern Europe, tricking users into downloading malware from controlled servers. In 2023, the US Department of Justice announced the takedown of a massive Turla botnet used for global Kremlin-backed espionage.
  • In December 2017, US President Donald Trump signed a law banning the use of Kaspersky Lab software in US government agencies due to fears it was being used by Russia for espionage.
  • In March 2022, the US Federal Communications Commission added Kaspersky Lab to the list of companies that pose a threat to US national security.
