A new report from Microsoft’s threat intelligence division reveals attempts by the Russian hacker group Turla, also known as Secret Blizzard, to spy on foreign embassies in Moscow. This activity includes attacks on local internet service providers, enabling the attackers to access targeted data.
According to information obtained by Microsoft, after gaining control over Russian providers, the hackers redirected users’ internet traffic and distributed “malware” to collect intelligence information.
The report also notes that Turla disguises its “malware” by posing it as cybersecurity software developed by the Russian company Kaspersky.
“Trusted brands are often used as bait without their knowledge or consent… We always recommend downloading applications only from official sources and verifying the authenticity of any message purportedly coming from trusted companies.”
Microsoft also reports that the malware known as ApolloShadow is capable of decrypting targeted data, allowing hackers to obtain clearly readable information, including browsing data and confidential credentials.
This hacker group, active for over 25 years, is considered one of the most sophisticated and resilient in the world. The U.S. government points out that Turla is part of Russia’s Federal Security Service. In 2023, the U.S. Department of Justice announced the takedown of a large network of computers used to carry out attacks on users worldwide on behalf of the Russian government.
According to Microsoft, Russian interception systems such as the System for Operative-Investigative Activities (SORM) likely play a key role in executing these large-scale operations. SORM is a legally mandated framework for internal interception and surveillance in Russia, allowing the FSB and other law enforcement and intelligence agencies to exercise control.
