In a shocking report published by Microsoft on Thursday, the company revealed the activity of a dangerous Russian hacking group that has been active for over 25 years, targeting foreign embassies in Moscow by exploiting local internet service providers.
The group, known as "Turla" or "Secret Blizzard", has conducted a widespread cyber espionage campaign in which it impersonates a well-known cybersecurity company, Kaspersky, to deploy advanced malware that allows it to infiltrate embassy networks and collect sensitive information.
Microsoft explained that the malware, called "ApolloShadow", decrypts internet browsing data and communication traffic, making the exchanged information clear and readable, including confidential credentials.
The report noted that the "Turla" group is linked to the Russian Federal Security Service and is considered one of the most advanced and persistent hacking groups in the world.
These operations are carried out in conjunction with local surveillance systems in Russia, such as the operational investigative activities system "SORM", which provides legal cover for monitoring communications within the country.
For its part, Microsoft declined to disclose the specific targeted embassies, while Kaspersky confirmed that its brand is being used as bait without its consent, advising users to rely on official sources for downloading software and to verify the authenticity of incoming communications.
In 2023, the U.S. Department of Justice disabled a massive network of computers that the "Turla" group was using to target victims around the world. Separately, Kaspersky products were banned in the United States due to security concerns over potential Russian influence on the company.
These developments come amid rising tensions between global powers in the field of cybersecurity, where cyber espionage remains a key focus of modern conflicts between nations.