A report by analysts from Microsoft's Threat Intelligence unit states that the Russian cyber-espionage group Turla (also known as Secret Blizzard) is attempting to spy on foreign embassies in Moscow by attacking local internet providers. This is reported by UNN, citing Microsoft and Bloomberg.
Details
According to Microsoft, the attackers, the Turla or Secret Blizzard group, organized a "large-scale" cyber-espionage campaign using Russian internet providers to carry out hacks. Turla hackers also disguised their "malicious software" as antivirus software from the Russian company Kaspersky.
Having gained access to Russian internet providers, the hackers attacked foreign embassies in Moscow, redirecting victims' internet traffic and downloading malicious software as part of what was likely an intelligence-gathering operation.
Trusted brands are often used as lures without their knowledge or consent... We always recommend downloading applications only from official sources and verifying the authenticity of any message that purports to come from trusted companies.
It is noted that the malicious software, known as ApolloShadow, strips encryption from targeted data, rendering the victims' internet activity as clearly readable data, including browsing data and sensitive credentials.
According to the publication, this hacking group has been active for over 25 years. The US government has stated that the group, considered one of the most sophisticated and persistent in the world, is part of Russia's Federal Security Service. In 2023, the Department of Justice announced that it had dismantled an extensive network of computers that Turla used to attack users worldwide on behalf of the government in Moscow.
Microsoft reported that Russia's domestic interception systems, such as the System for Operative-Investigative Measures (SORM), likely play a key role in enabling these large-scale operations. SORM is a legally enshrined framework for domestic interception and surveillance in Russia, allowing the FSB and other domestic law enforcement and intelligence agencies to conduct surveillance.
Recall
Since the beginning of 2025, CERT-UA has been recording approximately 15 cyberattacks daily, with Russia being the main source. Experts identify destructive attacks, cyber espionage, and financially motivated attacks.
