Secret Blizzard Unleashes ApolloShadow: A Comedy of Diplomatic Errors in Moscow’s Cyber Scene
Secret Blizzard’s latest cyber espionage campaign uses ApolloShadow malware to target foreign embassies in Moscow via adversary-in-the-middle (AitM) positioning at the ISP level. Because the intercept sits upstream of the victim, devices can be redirected to attacker-controlled hosts; ApolloShadow then installs a root certificate into the device’s trusted store, so those hosts (and any TLS traffic the actor intercepts) pass as legitimate, and the implant keeps a foothold for ongoing intelligence collection. Diplomatic personnel are advised to route traffic through an encrypted tunnel or VPN to a trusted provider and to enforce least privilege so that users cannot install machine-wide roots.

Hot Take:
Secret Blizzard is back at it again, proving that Russian cyber espionage is as persistent as a cat trying to get into a closed room. With their new ApolloShadow malware, they’re turning embassies into their own digital playgrounds. Who needs James Bond when you’ve got hackers with a penchant for certificate trickery and some serious network gymnastics? It seems like the new diplomatic norm in Moscow is ‘come for the diplomacy, stay for the malware.’
Key Points:
- Secret Blizzard targets foreign embassies in Moscow using adversary-in-the-middle attacks at the ISP level.
- The custom malware, ApolloShadow, installs a root certificate into the trusted store; with that root in place the actor can impersonate sites and decrypt intercepted TLS sessions without the device noticing. The implant also maintains persistence on the host.
- The operation has likely been active since 2024 and is assessed to be affiliated with the Russian Federal Security Service (FSB).
- The ISP-level position is likely obtained through Russia’s lawful-intercept capability rather than by compromising the ISP; the root certificate itself is disguised as a Kaspersky antivirus certificate so that the install looks routine.
- Diplomatic entities are advised to send all traffic through an encrypted tunnel or VPN to a trusted endpoint, so the local ISP sees only the tunnel, and to apply least privilege so the malware cannot add a machine-wide root without administrative approval.
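The durable artefact of the technique described in the key points above is a root certificate that was not there before. As an added illustration (not code from the article or from Microsoft’s report), the PowerShell below snapshots a Windows host’s trusted root stores into a baseline taken on a known-good machine and later reports any root absent from that baseline, flagging vendor-lookalike names and recently issued certificates. The baseline path, the 30-day recency window, and the name pattern are assumptions chosen for the example.

```powershell
# Added example, not part of the original article or of Microsoft's report.
# Usage: .\Check-RootStore.ps1 -SaveBaseline   (on a known-good host)
#        .\Check-RootStore.ps1                 (later, to diff against it)
param(
    # Assumed location for the baseline; pick one the user cannot write to.
    [string]$BaselinePath = 'C:\Baseline\root-store.csv',
    [switch]$SaveBaseline
)

# Enumerate trusted roots for the machine and the current user; a rogue
# root may land in either store depending on the privileges the dropper had.
function Get-RootStoreSnapshot {
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
    }
}

$current = @(Get-RootStoreSnapshot)

if ($SaveBaseline) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host "Baseline written to $BaselinePath ($($current.Count) roots)."
    return
}

if (-not (Test-Path -Path $BaselinePath)) {
    throw "No baseline at $BaselinePath; run with -SaveBaseline on a known-good host first."
}

# Index the baseline by thumbprint: the subject name is trivially spoofable,
# the thumbprint is not.
$known = @{}
foreach ($b in (Import-Csv -Path $BaselinePath)) { $known[$b.Thumbprint] = $true }

$new = @($current | Where-Object { -not $known.ContainsKey($_.Thumbprint) })

foreach ($c in $new) {
    $flags = @()
    # The article notes the ApolloShadow root poses as Kaspersky antivirus;
    # the pattern is an assumption and should be tuned to the environment.
    if ($c.Subject -match 'Kaspersky|Anti-?Virus') { $flags += 'vendor-lookalike name' }
    # 30-day window is an assumed threshold for "recently minted" roots.
    if ($c.NotBefore -gt (Get-Date).AddDays(-30))  { $flags += 'issued in last 30 days' }
    if ($c.SelfSigned)                              { $flags += 'self-signed' }
    [pscustomobject]@{
        Store      = $c.Store
        Thumbprint = $c.Thumbprint
        Subject    = $c.Subject
        NotBefore  = $c.NotBefore
        Flags      = ($flags -join '; ')
    }
}

if ($new.Count -eq 0) { Write-Host 'No roots outside the baseline.' }
```

A root that carries a vendor name is not proof of compromise on its own, since a genuine antivirus install can legitimately add a filtering root; what matters is that the thumbprint was not in the baseline taken before deployment, so review every hit against the change record for that host rather than against its display name.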