Microsoft has announced that it has uncovered a sophisticated cyber-espionage campaign by Russia targeting foreign embassies in Moscow by exploiting local internet service providers.
In a blog post, Microsoft revealed that a Russian state-backed hacking group known as Secret Blizzard (linked to the country’s Federal Security Service) is using its access to local internet service providers to intercept and manipulate the internet traffic of diplomatic staff. This lets the group position itself between embassy devices (computers and phones) and the websites they access, a tactic known as an “adversary-in-the-middle” (AiTM) attack. From that position it redirects victims to malicious websites disguised as legitimate services and prompts them to download malware under the guise of an antivirus update.

The custom malware, called ApolloShadow, installs an attacker-controlled root certificate into the victim device’s trusted certificate store. Because the device then trusts any certificate chained to that root, the attackers can impersonate legitimate websites and decrypt traffic that would otherwise be protected by TLS. Microsoft warned that this campaign “poses a high risk to foreign embassies, diplomatic entities, and other sensitive organizations operating in Moscow,” especially those relying on local telecommunications infrastructure. Once infected, devices may have encryption effectively defeated, firewall settings relaxed, and their traffic exposed to ongoing surveillance.
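A defensive check that follows from this, added here as an illustration and not code from Microsoft’s report or from the campaign itself: an injected root certificate shows up as a fingerprint in the trusted root store that a known-clean baseline does not contain. The script below assumes the operator has previously recorded SHA-256 fingerprints from a clean machine; the DER byte strings are constructed placeholders so the example runs offline, and `windows_root_store` is a hypothetical helper name wrapping the standard library’s `ssl.enum_certificates`, which only works on Windows.

```python
import hashlib
import platform
import ssl

# Constructed sample input (not real certificates): stand-ins for DER-encoded
# root certificates, so the baseline comparison can be exercised offline.
BASELINE_DER = [
    b"\x30\x82\x01\x00 baseline root A (constructed)",
    b"\x30\x82\x01\x00 baseline root B (constructed)",
]
# The "current" store contains one extra root, modelling a malicious install.
CURRENT_DER = BASELINE_DER + [b"\x30\x82\x01\x00 injected root X (constructed)"]


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lower-case hex.

    This matches the 'SHA-256 thumbprint' shown by most certificate tools, so
    values recorded from a clean machine can be compared directly.
    """
    return hashlib.sha256(der).hexdigest()


def baseline_fingerprints(der_certs: list[bytes]) -> set[str]:
    """Build the known-good set from certificates read on a clean machine."""
    return {fingerprint(d) for d in der_certs}


def unexpected_roots(current: list[bytes], baseline: set[str]) -> list[str]:
    """Fingerprints present in the current root store but absent from the baseline.

    Any entry returned here is a root the machine now trusts that the clean
    baseline did not, which is exactly the artifact a rogue root install leaves.
    """
    return sorted({fingerprint(d) for d in current} - baseline)


def windows_root_store() -> list[bytes]:
    """Read the machine's trusted root store on Windows (hypothetical helper).

    ssl.enum_certificates is Windows-only; elsewhere an empty list is returned
    so the rest of the script still runs.
    """
    if platform.system() != "Windows":
        return []
    return [
        der
        for der, encoding, _trust in ssl.enum_certificates("ROOT")
        if encoding == "x509_asn"
    ]


if __name__ == "__main__":
    # Offline demonstration on the constructed data.
    known_good = baseline_fingerprints(BASELINE_DER)
    for fp in unexpected_roots(CURRENT_DER, known_good):
        print("untrusted-by-baseline root:", fp)
    # On a real Windows host, replace CURRENT_DER with windows_root_store()
    # and load known_good from the fingerprints recorded on a clean machine.
```

The baseline must come from a machine you trust, captured before it was exposed to the network in question; diffing a store against itself proves nothing. Any fingerprint flagged should then be checked against Microsoft’s published trusted root list before being removed, since legitimate updates also add roots.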
Microsoft also suggested that Secret Blizzard may be using Russia’s domestic surveillance system, known as SORM, to help enable these operations. The group, which has previously targeted Ukrainian military systems, foreign ministries, and journalists, is described by Microsoft as “persistent, well-resourced, and creative” in its approach.
The Russian government has not commented on the accusations from Microsoft.