Microsoft revealed how Russian hackers from the Turla group spied on foreign diplomats in Moscow
The Russian hacker group Turla (tracked by Microsoft as Secret Blizzard), which is linked to the FSB, ran a large-scale espionage campaign against foreign embassies in Moscow, disguising its malware as Kaspersky software and using its position inside Russian Internet providers to intercept the embassies' traffic.
As Bloomberg writes, citing a Microsoft report, the hackers had access at the level of Russian ISPs, which they used to redirect the victims' Internet traffic and push malware to embassy devices as part of an intelligence-gathering operation.
The malware, which Microsoft calls ApolloShadow, installs an attacker-controlled root certificate on the victim's machine so that the redirected connections can be decrypted in transit; browsing history and credentials that should be protected by TLS thus become readable to the attackers (not "publicly available", as the interception is targeted and invisible to the user).
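A practitioner's check for the technique described above, as an added example that is neither Microsoft's code nor part of the original article: once an attacker-controlled root certificate is in the Windows trust store, every TLS interception that chains to it looks valid to the browser, so the host-side detection is to compare the root stores against a baseline captured from a known-good build. The baseline file path, the 90-day "recently issued" window and the assumption that a clean reference host is available are all this example's own.

```powershell
# Added example: audit the Windows trusted-root stores for certificates that are not
# in a baseline exported from a known-good build. Nothing here is from Microsoft's
# report; the baseline path and the 90-day heuristic are assumptions of this example.

function Export-RootStoreBaseline {
    # Run on a clean reference host: record the thumbprints of every machine-wide root.
    param([string]$Path = "$env:TEMP\root-baseline.txt")
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Select-Object -ExpandProperty Thumbprint |
        Sort-Object -Unique |
        Set-Content -Path $Path
    return $Path
}

function Find-UnexpectedRootCerts {
    # Run on a suspect host: emit every root (machine-wide and per-user) that is
    # absent from the baseline, with the properties that make triage quick.
    param(
        [Parameter(Mandatory)][string[]]$BaselineThumbprints,
        [int]$RecentDays = 90   # heuristic: a freshly minted root is more suspicious
    )
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        foreach ($cert in (Get-ChildItem -Path $store)) {
            if ($BaselineThumbprints -contains $cert.Thumbprint) { continue }
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $cert.Thumbprint
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotBefore  = $cert.NotBefore
                NotAfter   = $cert.NotAfter
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                Recent     = ($cert.NotBefore -gt $cutoff)
            }
        }
    }
}

# Usage: export the baseline on a clean host, copy the file over, then on the suspect host:
$baseline = Get-Content -Path "$env:TEMP\root-baseline.txt"
Find-UnexpectedRootCerts -BaselineThumbprints $baseline |
    Sort-Object -Property Recent, NotBefore -Descending |
    Format-Table -AutoSize
```

Two caveats when reading the output. Roots that Windows pulls down automatically from the Microsoft root program land in the separate `AuthRoot` store, not in `Root`, so a self-signed certificate that appears in `Root` or `CurrentUser\Root` outside the baseline was put there by an administrator, an installer or malware, and a recent `NotBefore` on such an entry deserves a look. And this check only catches the host-side half of the attack: a provider that can redirect traffic at will is not stopped by a clean trust store, which is why the practical defence for such networks is to tunnel all traffic to a trusted exit rather than to rely on the local ISP.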
A Kaspersky representative told the publication that "trusted brands are often used as bait without their knowledge or consent." Ukraine imposed sanctions on Kaspersky in 2015, and the US banned the sale of its products only in 2024, over concerns that the Russian government has influence over the company.
Turla has reportedly been operating for more than 25 years; the US government has described it as one of the most persistent and capable groups in the world and as a unit of the Russian Federal Security Service (FSB). In 2023 the US Department of Justice said it had taken down a sprawling network of computers that Turla had been using to launch attacks around the world on behalf of the Russian government. A key enabler of attacks like the one in Moscow is SORM, the state-run Internet surveillance system that obliges Russian ISPs to give the FSB technical access to subscriber traffic.
As we reported earlier, an international operation in Kyiv recently exposed the administrator of a hacking platform with more than 50,000 registered users, among them well-known groups such as REvil, LockBit, Conti and Qilin. Using the forum's "services", cybercriminals attacked the automated control systems of banks, government agencies and large corporations in the US and the EU: they bought malware and access to the networks of international companies on the forum, extorted money from the victims and, when refused, threatened to "dump" the stolen data online and paralyze the organization's operations.