Russian Cyberstorm: Secret Blizzard Wreaks Havoc on Moscow Embassies with ApolloShadow Malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware. Using ISP-level AiTM attacks, they trick devices into trusting malicious sites, enabling long-term espionage. Microsoft reports this is the first confirmed ISP-level capability by Secret Blizzard, posing a significant threat to diplomatic missions in Russia.

Hot Take:
Russia is back at it again with their digital snowstorm, Secret Blizzard, proving that when it comes to cyber espionage, they’re more relentless than a Moscow winter. With their new ApolloShadow malware, they’re making sure that foreign embassies in Moscow don’t just feel the cold, but also the chill of being watched. It’s like Russia’s way of saying, “Welcome to Moscow, where the Wi-Fi is free but your privacy will cost you!”
Key Points:
- Russia-linked Secret Blizzard (aka a whole bunch of other menacing names) is targeting foreign embassies in Moscow.
- They’re using a sneaky adversary-in-the-middle (AiTM) attack at the ISP level.
- The custom malware, ApolloShadow, tricks devices into trusting malicious sites by installing fake Kaspersky certificates.
- Once installed, ApolloShadow can monitor traffic, harvest credentials, and maintain long-term system access.
- Microsoft has published Indicators of Compromise (IoCs) for this campaign.
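Because the campaign's foothold on a victim machine is a certificate that the device has been tricked into trusting, one practical check is to audit the Windows root stores for roots that are not in a known-good baseline, are not self-signed, were issued recently, or carry a vendor name worth a second look. The script below is an added defensive example written for this page; it is not from the article, from Microsoft's report, or from any published IoC list. The baseline path is a placeholder you would replace with a file of thumbprints captured from a clean build, and the watchlist entry is illustrative.

```powershell
# Added defensive example (not from the article or from Microsoft's report):
# audit the Windows root stores for trusted roots that deserve review.
# Assumptions: $BaselinePath (placeholder) holds one SHA-1 thumbprint per line
# taken from a clean reference build; $WatchList is an illustrative list of
# vendor names to scrutinise, not a published indicator.

param(
    [string]$BaselinePath = 'C:\SecBaseline\root-thumbprints.txt',  # placeholder path
    [string[]]$WatchList  = @('Kaspersky'),                           # illustrative watchlist
    [int]$RecentDays      = 30                                        # "recently issued" window
)

$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

# Load the baseline if present. When it is absent the baseline check is skipped
# rather than flagging every root, which would drown the useful findings.
$baseline = @{}
$haveBaseline = Test-Path -Path $BaselinePath
if ($haveBaseline) {
    Get-Content -Path $BaselinePath |
        Where-Object { $_ -match '^[0-9A-Fa-f]{40}$' } |
        ForEach-Object { $baseline[$_.ToUpper()] = $true }
}

$cutoff = (Get-Date).AddDays(-$RecentDays)

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $cert    = $_
        $reasons = @()

        if ($haveBaseline -and -not $baseline.ContainsKey($cert.Thumbprint.ToUpper())) {
            $reasons += 'not in baseline'
        }
        foreach ($w in $WatchList) {
            if ($cert.Subject -like "*$w*") { $reasons += "subject matches watchlist '$w'" }
        }
        # A genuine root is self-signed; anything else sitting in Root is unusual.
        if ($cert.Subject -ne $cert.Issuer) { $reasons += 'not self-signed' }
        # A root created in the last few weeks is worth correlating with change records.
        if ($cert.NotBefore -gt $cutoff) { $reasons += "issued within last $RecentDays days" }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
                Reasons    = ($reasons -join '; ')
            }
        }
    }
}

$findings | Sort-Object -Property NotBefore -Descending | Format-Table -AutoSize
```

Run it as an administrator so the machine store is readable in full. A legitimately installed security product can also place its own root in the store, so a watchlist hit is a prompt to verify the certificate against the vendor's published fingerprint and your change records, not a verdict on its own; the baseline comparison is the check that separates expected roots from ones that appeared without an approved change.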