- Microsoft discovers cyber attacks aimed at diplomats
- Embassies inside Russia are being hit with malware
- The threat actors are using adversary-in-the-middle attacks
Foreign embassies in Moscow are being attacked by Russian hackers using custom malware called ApolloShadow, disguised as Kaspersky antivirus software, new reports have confirmed.
The attacks have the ultimate goal of installing a TLS root certificate that allows the threat actor to cryptographically impersonate trusted websites visited by the infected system within the embassy, reports Microsoft Threat Intelligence.
“This campaign, which has been ongoing since at least 2024, has a high risk for foreign embassies, diplomatic entities and other sensitive organizations that operate in Moscow, particularly for those entities that depend on local Internet suppliers,” experts said.
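A defensive check for the root-certificate step described above, as an added example that is not from Microsoft's report or this article: it diffs a machine's exported trusted-root bundle against a known-good baseline by SHA-256 fingerprint. The PEM inputs are constructed placeholders rather than real certificates, and all function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_bundle):
    """Map SHA-256 fingerprint -> DER bytes for each certificate in a PEM bundle."""
    found = {}
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        found[hashlib.sha256(der).hexdigest()] = der
    return found


def unexpected_roots(baseline_pem, current_pem):
    """Fingerprints trusted now but absent from the known-good baseline."""
    baseline = fingerprints(baseline_pem)
    return sorted(fp for fp in fingerprints(current_pem) if fp not in baseline)


def to_pem(der):
    """Wrap raw bytes in PEM armor (used only to build the sample input)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample data: placeholder byte strings standing in for DER
# certificates. A real audit would export the OS trust store instead.
ROOT_A = b"constructed-root-A" * 8
ROOT_B = b"constructed-root-B" * 8
ROGUE = b"constructed-unexpected-root" * 8

BASELINE = to_pem(ROOT_A) + to_pem(ROOT_B)
# Same roots in a different order, plus one that was never approved.
CURRENT = to_pem(ROOT_B) + to_pem(ROGUE) + to_pem(ROOT_A)

if __name__ == "__main__":
    for fp in unexpected_roots(BASELINE, CURRENT):
        print("trusted root not in baseline:", fp)
```

Comparing fingerprints rather than subject names matters here, because a certificate installed to impersonate trusted sites can carry any display name it likes.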
Secret Storm
This cyber espionage campaign aimed at diplomats and embassies uses what is known as an adversary-in-the-middle (AiTM) attack, which occurs when hackers intercept and alter communications between two parties without their knowledge.
These attacks frequently take advantage of other attack vectors, such as emails or social engineering messages, to create conditions in which an attacker can intercept and manipulate communications between users and the legitimate services they use, then steal authentication credentials and access tokens.
The notorious threat actor, Secret Blizzard, has previously been observed hacking Ukrainian military technology by stealing third-party entry points. The group is one of the most sophisticated and long-running nation-state threat actors in the world.
Microsoft previously assessed with “low confidence” that Secret Blizzard was carrying out cyber espionage within Russian borders against its adversaries, but the company now confirms that the group has the ability to do so at the Internet Service Provider (ISP) level.
This means that diplomats who use local ISPs or telecommunications services within Russia are “very likely” targets of Secret Blizzard’s AiTM position within those services.
“In our previous blog, we report that the actor probably takes advantage