Microsoft Discovers Russian Cyber Spy Operation

A Russian government-backed hacking group has been running cyber-espionage operations against foreign embassies and diplomats in Moscow.

This was uncovered by Microsoft’s Threat Intelligence team, which published a report on July 31.

The group behind the campaign is tracked as Secret Blizzard (also known as Turla, Waterbug, or Venomous Bear) and is thought to be connected to Unit 16 of Russia’s FSB, the country’s main security agency.

Secret Blizzard has been orchestrating a cyber-espionage campaign since 2024, homing in on diplomats in Moscow with advanced tactics. 

According to Microsoft, Secret Blizzard has been infecting devices that connect to Russian Internet service providers with a sophisticated malware strain dubbed ApolloShadow.

The malware disguises itself as legitimate antivirus software, but in reality, it enables hackers to gain deep access to sensitive information on compromised devices.

ApolloShadow’s Capabilities Are Extensive

It can install fake root certificates into the device’s trust store; because the device then trusts any certificate issued under that root, an attacker positioned in the network path can intercept and modify even encrypted Internet traffic.

The malware can also harvest login credentials, authentication tokens, and other vital information while creating hidden administrator-level accounts to maintain persistent access.
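As a defender’s check on the two persistence mechanisms just described (a rogue root certificate and an unexpected administrator account), here is an added PowerShell audit that is not part of the article or of Microsoft’s report. It assumes a Windows host with Windows PowerShell 5.1 or later (for the LocalAccounts cmdlets), an elevated prompt (needed to read the Security event log), and that you replace the placeholder baseline values with thumbprints and account names taken from a known-good machine image.

```powershell
# Added example (not from the article or Microsoft's report): audit a Windows host for
# (1) trusted root certificates not on an allow-list,
# (2) local Administrators group members not on an allow-list,
# (3) recent account-creation / group-membership events in the Security log.
# The allow-lists below are placeholders; populate them from a known-good baseline.

# Placeholder baseline: SHA-1 thumbprints of the root CAs this host is expected to trust.
$ExpectedRootThumbprints = @(
    'PLACEHOLDER_THUMBPRINT_1',
    'PLACEHOLDER_THUMBPRINT_2'
)

# Placeholder baseline: principals expected in the local Administrators group.
$ExpectedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'PLACEHOLDERDOMAIN\Domain Admins'
)

function Get-UnexpectedRootCertificates {
    param([string[]]$Baseline)
    # Cert:\LocalMachine\Root is the machine-wide trusted root store. Any certificate
    # here that is not on the baseline can be used to sign certificates the host will
    # accept for any site, which is what makes TLS interception possible.
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $Baseline -notcontains $_.Thumbprint } |
        Select-Object Subject, Issuer, Thumbprint, NotBefore, NotAfter
}

function Get-UnexpectedLocalAdmins {
    param([string[]]$Baseline)
    # Get-LocalGroupMember reports names as DOMAIN\user or COMPUTER\user.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Baseline -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-RecentAccountChangeEvents {
    param([int]$Days = 7)
    # 4720 = a user account was created; 4732 = a member was added to a
    # security-enabled local group (e.g. Administrators). Reading the Security
    # log requires an elevated prompt. SilentlyContinue suppresses the
    # "No events were found" error when nothing matches.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4720, 4732
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

$roots  = Get-UnexpectedRootCertificates -Baseline $ExpectedRootThumbprints
$admins = Get-UnexpectedLocalAdmins -Baseline $ExpectedAdmins
$events = Get-RecentAccountChangeEvents -Days 7

Write-Host "Root certificates not on baseline: $(@($roots).Count)"
$roots | Format-Table -AutoSize
Write-Host "Local Administrators not on baseline: $(@($admins).Count)"
$admins | Format-Table -AutoSize
Write-Host "Account creation / local group membership events (last 7 days): $(@($events).Count)"
$events | Format-List
```

Treat a non-empty result from any of the three checks as a lead to investigate rather than proof of compromise: legitimate enterprise root CAs and help-desk accounts will appear until the baselines reflect them, so build the allow-lists from a clean image and keep them under change control.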

By leveraging its privileged access through Russian ISPs, the group can monitor nearly all online activity within diplomatic missions, including private communications and classified documents related to international negotiations.

“This campaign marks the first known case where hackers have used state-sanctioned access to Internet providers to launch cyberattacks,” Microsoft said in its report.

Recently, authorities in Russia’s Krasnoyarsk region have imposed restrictions on mobile Internet access, and Governor Mikhail Kotyukov has confirmed the measures.

When embassies are targeted by cyberattacks, the fallout goes well beyond national security.

These threats complicate international relations, prompting businesses and governments to rethink security strategies, cross-border communications, and even how they choose digital partners.

Sources: Microsoft | United 24 | Finimize | Tech Radar | Reuters | Born Tech | Deccan Herald
