Microsoft Discovers Russian Cyber Spy Operation

A Russian government-backed hacking group has been running cyber-espionage operations against foreign embassies and diplomats in Moscow.

This has been uncovered by Microsoft’s Threat Intelligence team, who published a report on July 31.

The group behind the campaign is called Secret Blizzard (also known as Turla, Waterbug or Venomous Bear) and is thought to be connected to Unit 16 of Russia’s FSB, the country’s main security agency.

Secret Blizzard has been orchestrating a cyber-espionage campaign since 2024, homing in on diplomats in Moscow with advanced tactics. 

According to Microsoft, Secret Blizzard has been infecting devices that connect to Russian Internet service providers with a sophisticated malware strain dubbed ApolloShadow.

The malware disguises itself as legitimate antivirus software, but in reality, it enables hackers to gain deep access to sensitive information on compromised devices.

ApolloShadow’s Capabilities Are Extensive

It can install fake root certificates, allowing the interception and modification of even encrypted Internet traffic. 

The malware can also harvest login credentials, authentication tokens, and other vital information while creating hidden administrator-level accounts to maintain persistent access.
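The two behaviours described above, an added root certificate and a newly created administrator-level account, both leave traces a defender can look for on a Windows host. The following PowerShell triage script is an added example (not code from the article or from Microsoft’s report); the lookback window and the two allow-lists are assumptions to be filled from your own baseline.

```powershell
# Added example, not code from the article or from Microsoft's report.
# Defender-side triage for the two ApolloShadow behaviours the article
# describes on a Windows host: added root CA certificates and new
# administrator-level local accounts. The lookback window and the
# allow-lists are assumptions; fill them from your own baseline.
$LookbackDays = 30
$Since = (Get-Date).AddDays(-$LookbackDays)
$KnownRootThumbprints = @()       # assumed baseline of vetted root CA thumbprints
$KnownAdmins = @('Administrator')  # assumed baseline of expected admin accounts

# 1. Root CAs issued recently or absent from the vetted baseline. A root added
#    outside normal patching lets whoever holds its key issue certificates the
#    host will trust for any site, which is what enables TLS interception.
$SuspectRoots = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {
    $_.NotBefore -ge $Since -or $KnownRootThumbprints -notcontains $_.Thumbprint
} | Select-Object Subject, Issuer, Thumbprint, NotBefore

# 2. Administrators group members outside the baseline, plus local users whose
#    password was set inside the window (a new account's PasswordLastSet is its
#    creation time, so this approximates "recently created").
$AdminMembers = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $KnownAdmins -notcontains ($_.Name -split '\\')[-1] }
$RecentUsers = Get-LocalUser | Where-Object { $_.PasswordLastSet -ge $Since }

# 3. Accounts hidden from the logon screen through the Winlogon SpecialAccounts
#    key (a DWORD value of 0 hides the named account). The key is normally absent.
$HiddenPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$HiddenUsers = @()
if (Test-Path $HiddenPath) {
    $HiddenUsers = (Get-ItemProperty -Path $HiddenPath).PSObject.Properties |
        Where-Object { $_.Value -eq 0 -and $_.Name -notlike 'PS*' } |
        Select-Object -ExpandProperty Name
}

# 4. Corroborate with Security log events: 4720 = user account created,
#    4732 = member added to a security-enabled local group. Needs admin rights.
$Events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $Since } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message

# Anything listed here is a lead for manual review, not proof of compromise.
$SuspectRoots | Format-Table -AutoSize
$AdminMembers | Format-Table -AutoSize
$RecentUsers  | Format-Table Name, Enabled, PasswordLastSet -AutoSize
$HiddenUsers
$Events | Format-Table TimeCreated, Id -AutoSize
```

Run it from an elevated PowerShell session so the Security log query succeeds; an empty result in every section is the expected state on a healthy host.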

By leveraging its privileged access through Russian ISPs, the group can monitor nearly all online activity within diplomatic missions, including private communications and classified documents related to international negotiations.

“This campaign marks the first known case where hackers have used state-sanctioned access to Internet providers to launch cyberattacks,” Microsoft said in its report.

Recently, authorities in Russia’s Krasnoyarsk region have imposed restrictions on mobile Internet access, and Governor Mikhail Kotyukov has confirmed the measures.

When embassies are targeted by cyber attacks, the fallout goes well beyond national security. 

These threats complicate international relations, prompting businesses and governments to rethink security strategies, cross-border communications, and even how they choose digital partners.

Microsoft      |     United 24     |     Finimize     |     Tech Radar
Reuters     |     Born Tech     |     Deccan Herald
