Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks

The hacking group tracked by Microsoft as Secret Blizzard (also known as Turla, Waterbug, and Venomous Bear) has been observed exploiting its adversary-in-the-middle (AiTM) position at the internet service provider (ISP) level to infect the systems of diplomatic missions with custom ApolloShadow malware. Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. "This is the first time Microsoft can confirm Secret Blizzard's capability to conduct espionage at the ISP level, meaning diplomatic personnel using local internet providers and telecommunications in Russia are at high risk of being targets of Secret Blizzard's AiTM position within those services," Microsoft said. Two years ago, CISA linked the group to Center 16 of Russia's Federal Security Service (FSB) and a peer-to-peer (P2P) network of computers infected with Snake cyber-espionage malware that was later taken down in a joint action involving Five Eyes cybersecurity and intelligence agencies. Once deployed, ApolloShadow installs a trusted root certificate disguised as Kaspersky Anti-Virus, which helps trick compromised devices into recognizing malicious websites as legitimate, allowing threat actors to maintain long-term access for intelligence gathering after infiltrating diplomatic systems. Secret Blizzard hackers are also taking advantage of Russia's domestic interception systems, including the System for Operative Investigative Activities (SORM), to carry out their large-scale AiTM campaigns.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 31 Jul 2025 16:35:25 +0000


Cyber News related to Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks

Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks - The hacking group tracked by Microsoft as Secret Blizzard (also known as Turla, Waterbug, and Venomous Bear) has been observed exploiting its adversary-in-the-middle (AiTM) position at the internet service provider (ISP) level to infect the systems ...
3 weeks ago Bleepingcomputer.com Turla
Who is the DOGE and X Technician Branden Spikes? – Krebs on Security - Branden Spikes California Russian Association Congress of Russian Americans Constellation of Humanity Cyberinc Department of Government Efficiency Diana Fishman Donald J. Prior to founding Spikes Security, Branden Spikes was married to a native ...
5 months ago Krebsonsecurity.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
1 year ago Bleepingcomputer.com APT29
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
1 year ago Bleepingcomputer.com APT29
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
1 year ago Bleepingcomputer.com APT29
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com CVE-2023-38831 APT28 APT29
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
1 year ago Bleepingcomputer.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com CVE-2023-23397 Fancy Bear APT28
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
1 year ago Bleepingcomputer.com Cozy Bear APT29
CISA: Russian hackers target TeamCity servers since September - CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023. APT29 is ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel APT29
Ukraine says it hacked Russian aviation agency, leaks data - Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for ...
1 year ago Bleepingcomputer.com
Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
1 year ago Cybersecuritynews.com Cozy Bear APT29
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
1 year ago Bleepingcomputer.com
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack - A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. Kyivstar is Ukraine's largest telecommunications ...
1 year ago Bleepingcomputer.com
The Largest ISP in Russia Breaks All DDoS Attack Records in 2022 - In 2022, the largest Internet Service Provider (ISP) in Russia set a new global record for the most powerful Distributed Denial of Service (DDoS) attack. The massive influx of traffic originated from government networks and other malicious sources, ...
2 years ago Bleepingcomputer.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com Fancy Bear APT28 Turla Volt Typhoon
Who Is Behind Pro-Ukrainian Cyberattacks on Iran? - COMMENTARY. Ukrainian cyber forces have attacked Russian infrastructure and assets almost since the first day of the Russian invasion of Ukraine on Feb. 24, 2022. While its mainstay is denial-of-service attacks that have knocked out the Russian ...
1 year ago Darkreading.com
Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - Google said that while these recent attacks were likely driven by wartime demands to access sensitive government and military communications in the context of Russia’s invasion of Ukraine, researchers expect attacks on Signal to grow and spread to ...
6 months ago Therecord.media Turla
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28
Ukraine: Hack wiped 2 petabytes of data from Russian research center - Planeta is a state research center using space satellite data and ground sources like radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme phenomena, and volcanic monitoring. The ...
1 year ago Bleepingcomputer.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com

Cyber Trends (last 7 days)