Microsoft accuses FSB hackers of targeting foreign diplomats

By Alimat Aliyeva

The hacker group Secret Blizzard (also known as Turla), which is believed to be linked to Russia’s FSB, has been conducting a sophisticated cyber espionage campaign targeting foreign embassies operating within the Russian Federation, Azernews reports.

According to Microsoft, this campaign has been active since at least early 2024, although the specific diplomatic missions affected have not been publicly disclosed.

Experts at Microsoft highlight that this operation marks the first known instance of hackers leveraging government-sanctioned access to Russian Internet Service Providers (ISPs) to carry out attacks.

“While we previously assessed with low confidence that this group might be conducting cyber espionage within Russia against foreign and domestic targets, we can now confirm they possess the capability to operate at the ISP level,” the report states.

The campaign uses malware known as ApolloShadow, which is installed on devices connected to Russian ISPs and telecommunications networks. This malware tricks devices into trusting malicious websites by mimicking legitimate traffic. Notably, Microsoft suggests that the hackers disguised their malicious software to resemble antivirus programs from Kaspersky Lab, one of Russia's most prominent cybersecurity firms.

Through these methods, the attackers reportedly maintain persistent access to diplomats’ devices, likely aiming to collect sensitive intelligence. Microsoft’s analysis indicates that the hackers can monitor a large portion of the victims’ internet traffic and gain access to confidential login credentials.

This operation underscores the evolving nature of cyber espionage, where state-linked actors increasingly exploit infrastructure-level access to target high-value entities like diplomatic missions. The blending of malware with trusted software further complicates detection and defense, raising concerns about the security of international communications within Russia.

Interestingly, this campaign reveals how cyber threats are becoming more embedded within national infrastructure, blurring the lines between state security operations and espionage—posing new challenges for global cybersecurity frameworks.
