Microsoft catches Russian hackers targeting foreign embassies
Summary
Microsoft has warned that Russian state-sponsored hackers are targeting foreign embassies with custom malware delivered through man-in-the-middle (MitM) attacks at the ISP level, a position that lets the attackers intercept, and alter, traffic between the target and whatever endpoint it is talking to.
Named “Secret Blizzard” by Microsoft, the group has been active since at least 1996 and is believed to be affiliated with the Russian Federal Security Service.
The purpose of the campaign is to get the group's malware, called ApolloShadow, installed; once it is in place, the group can impersonate trusted websites visited from the infected system inside the embassy.
Because legitimate networks routinely redirect new connections to a sign-in page (the captive portals of hotel, airport and guest Wi-Fi), potential victims may not question being redirected to a portal, and that redirect is what the attackers use to deliver the malware.
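As an added example (not from the article and not from Microsoft's report), the following Python script performs two checks a practitioner could run from a host suspected of sitting behind an interception point of this kind: it fetches Windows's own connectivity-check URL without following redirects and classifies the answer, and it compares a site's leaf certificate against a fingerprint recorded on a known-clean network rather than against the local trust store, which is exactly the store an implant would tamper with. www.msftconnecttest.com and its fixed body are real; the sample responses, the portal hostname in them and the pinned fingerprint are constructed for the example.

```python
"""Two checks for ISP-level interception: a captive-portal style redirect of an
HTTP connectivity probe, and an HTTPS site whose certificate no longer matches
one recorded on a known-clean network.

Added example; the sample responses and pinned values below are constructed."""
import hashlib
import socket
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Real Windows connectivity-check URL; the file body is the fixed string below.
PROBE_URL = "http://www.msftconnecttest.com/connecttest.txt"
PROBE_EXPECTED_BODY = b"Microsoft Connect Test"


def classify_probe(status, headers, body, probe_url=PROBE_URL,
                   expected_body=PROBE_EXPECTED_BODY):
    """Return 'clean', 'redirect:<host>' or 'tampered' for a probe response.

    A network that bounces the probe to another host is behaving like a
    captive portal; a 200 whose body is not the expected text means something
    rewrote the response in transit."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308):
        target = urlparse(h.get("location", "")).hostname or "?"
        if target != urlparse(probe_url).hostname:
            return "redirect:" + target
        return "tampered"  # the real probe never redirects, even to itself
    if status == 200 and body.strip() == expected_body:
        return "clean"
    return "tampered"


def cert_fingerprint(cert_der):
    """SHA-256 over the DER certificate, the value an operator would pin."""
    return hashlib.sha256(cert_der).hexdigest()


def pin_matches(cert_der, pinned_hex):
    return cert_fingerprint(cert_der) == pinned_hex.lower()


def fetch_leaf_cert(host, port=443, timeout=5):
    """Fetch the server's leaf certificate (DER) without consulting the local
    trust store: if an implant has added its own root, normal verification
    would succeed, so the decision is made against the pin instead."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fetch_probe(url=PROBE_URL, timeout=5):
    """Fetch the probe without following redirects so a portal shows as a 3xx."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # makes urllib raise HTTPError for the 3xx instead
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers), e.read()


def check_site(host, pinned_hex):
    """Live check: (pin matched?, fingerprint actually seen)."""
    cert = fetch_leaf_cert(host)
    return pin_matches(cert, pinned_hex), cert_fingerprint(cert)


# Constructed sample responses (not captured traffic) for an offline run.
SAMPLE_RESPONSES = {
    "clean": (200, {"Content-Type": "text/plain"}, b"Microsoft Connect Test"),
    "portal": (302, {"Location": "http://portal.example.test/login"}, b""),
    "rewritten": (200, {"Content-Type": "text/html"}, b"<html>Install update</html>"),
}


def demo():
    return {name: classify_probe(*resp) for name, resp in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    print(demo())
    # Live use: record the pin on a trusted network first, e.g.
    #   PINNED = cert_fingerprint(fetch_leaf_cert("example.com"))
    # then on the suspect network: print(check_site("example.com", PINNED))
    print(classify_probe(*fetch_probe()))
```

Record the pin out of band, on a network you trust, and keep it off the host being tested; a fingerprint stored on the same machine that the implant controls is not a reference. A redirect result is not proof of an attack, since genuine captive portals produce the same signal, but a redirect on a wired embassy link, or a certificate mismatch on any link, is worth escalating.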
These findings follow recent warnings from the US and UK governments that state-sponsored cyber-attacks are a major threat to businesses and other organisations, with the US citing Russia, China, North Korea, and Iran as actively launching attacks.