Summary

  • Russia’s Turla group has used its access to the country’s internet service providers (ISPs) to plant malware on computers owned by foreign embassy staff in Moscow.
  • Microsoft’s security team found that the group, also known as Venomous Bear and Snake, and believed to be connected to the Kremlin’s FSB intelligence agency, exploited the browsers used by its targets to access the web.
  • ISPs are frequently used as a point of surveillance by governments, but in this case the hackers used that access to redirect targets to a download that would disable encryption in their browsers, leaving their web traffic entirely vulnerable.
  • The group allegedly exploits Moscow-based targets’ use of Moscow-based ISPs to access the web.
  • This technique is especially effective because it doesn’t exploit any zero-day vulnerability, so there is no flaw that can be patched.
  • Microsoft has advised potential victims to use a VPN to shield traffic from ISPs and, if possible, use satellite connections to bypass untrusted ISPs.

By Andy Greenberg
