A Russian government-backed hacker group known as Secret Blizzard has targeted the Ukrainian military using tools and infrastructure developed by cybercriminals, according to a recently published report by Microsoft. The findings underscore the growing complexity of cyber warfare tactics when state actors use the resources of criminal organizations.
A report provided to TechCrunch ahead of publication describes how Secret Blizzard, a group affiliated with Russia’s Federal Security Service (FSB) that other cybersecurity firms call Turla, used a botnet called Amadey to attack devices associated with the Ukrainian military and border guards between March and April of this year.
Amadey, which is commonly used by cybercriminals to install cryptominers, is sold on Russian hacker forums. Microsoft researchers believe that Secret Blizzard either paid to use the botnet as a service or hacked it. The use of such tools allows hackers to avoid detection and conceal their origins, explained Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy.
Secret Blizzard’s activities are aimed at gathering intelligence and establishing long-term spyware footholds. The malware used in this campaign was designed to collect system information, such as device names and antivirus software, as a prerequisite for deploying additional malware or hacking tools. The targets included devices using Starlink, a SpaceX satellite service that plays an important role in Ukrainian military operations.
Microsoft researchers also found that this is not the first time such activity has occurred. Secret Blizzard has repeatedly used cybercrime infrastructure for its operations in Ukraine since 2022, using these tools to facilitate the deployment of its own malware.
According to a Microsoft report, the Secret Blizzard group has a long history of attacking foreign ministries, embassies, government agencies, and defense-related organizations around the world. The group’s methods often include the use of tools and infrastructure from other hacker groups. For example, since 2017, Secret Blizzard has been using state-sponsored hacking efforts from Iran, Kazakhstan, and Pakistan to conduct espionage campaigns in regions such as Afghanistan and India.
Last week, Microsoft and Black Lotus Labs reported that Secret Blizzard used the tools of a Pakistani hacker group to attack military and intelligence systems in Afghanistan and India. This tactic of “tool hijacking” has become a hallmark of Secret Blizzard’s operations.