date 2025-08-01
Russian hackers try to spy on foreign embassies in Moscow

Kyiv • UNN


Microsoft analysts found that the Russian cyber-espionage group Turla (Secret Blizzard) is attacking foreign embassies in Moscow, using local internet providers. The hackers disguise malware as Kaspersky antivirus.


A report by analysts from Microsoft's Threat Intelligence unit states that the Russian cyber-espionage group Turla (also known as Secret Blizzard) is attempting to spy on foreign embassies in Moscow by attacking local internet providers. This is reported by UNN, citing Microsoft and Bloomberg.  

Details

According to Microsoft, the attackers, the Turla group (also tracked as Secret Blizzard), organized a "large-scale" cyber-espionage campaign, using Russian internet providers to carry out the hacks. The Turla hackers also disguised their malicious software as antivirus software from the Russian company Kaspersky.

Having gained access to Russian internet providers, the hackers attacked foreign embassies in Moscow, redirecting victims' internet traffic and downloading malicious software as part of what was likely an intelligence-gathering operation.

Trusted brands are often used as lures without their knowledge or consent... We always recommend downloading applications only from official sources and verifying the authenticity of any message that purports to come from trusted companies.

- said a Kaspersky spokesperson.

It is noted that the malicious software, known as ApolloShadow, strips encryption from the targeted data, thereby turning the victims' internet activity into clearly readable data, including browsing data and sensitive credentials.

According to the publication, this hacking group has been active for over 25 years. The US government has stated that the group, considered one of the most sophisticated and persistent in the world, is part of Russia's Federal Security Service. In 2023, the Department of Justice announced that it had dismantled an extensive network of computers that Turla used to attack users worldwide on behalf of the government in Moscow.

Microsoft reported that Russian internal interception systems, such as the System for Operative-Investigative Measures (SORM), likely play a key role in enabling these large-scale operations. SORM is a legally enshrined framework for internal interception and surveillance in Russia, allowing the FSB and other domestic law enforcement and intelligence agencies to conduct surveillance.

Recall

Since the beginning of 2025, CERT-UA has been recording approximately 15 cyberattacks daily, with Russia being the main source. Experts identify destructive attacks, cyber espionage, and financially motivated attacks.

Vita Zelenetska

