Microsoft reveals FSB hackers who spied on embassies in Moscow

Microsoft has exposed a group of Russian hackers known as “Secret Blizzard”, or “Turla”, who were conducting a massive espionage campaign against embassies in Moscow.

Bloomberg writes about this with reference to a Microsoft report.

According to Microsoft, the attackers used Russian internet service providers for their hacking attacks. They also disguised the malware as antivirus software from the Russian company Kaspersky.

After gaining access to Russian internet service providers, the hackers targeted foreign embassies in Moscow. They redirected victimsʼ internet traffic and distributed malware as part of an intelligence-gathering operation. Microsoft declined to name the specific targets of the operation.

The malware, called “ApolloShadow”, removes encryption from victimsʼ data, turning their online activity, including browsing history and sensitive credentials, into public information.

The hacking group has been active for more than 25 years. The US government has said that the group, considered one of the most persistent in the world, is a unit of Russiaʼs FSB. The US Department of Justice said in 2023 that it had taken down a sprawling network of computers that “Turla” was using to launch attacks around the world on behalf of the government in Moscow.

In 2015, Ukraine imposed sanctions on Kaspersky. The United States banned the sale of its products in 2024 due to allegations that the Russian government has influence over the company.

• On July 15, the European Union dismantled a hacking group that supported Russian aggression against Ukraine. Law enforcement agencies from 12 countries, along with Eurojust and Europol, participated in the special operation. The group carried out attacks during political events, such as the European Parliament elections, NATO summits, and events in support of Ukraine.

For more news and in-depth stories from Ukraine, please follow us on X.