Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Microsoft report. Show all posts
Microsoft report
Chinese cyber espionage Cyber Attacks Cyber Threats Microsoft report

Microsoft Flags Russian ISP-Level Hacking Campaign Targeting Embassies in Moscow

 

Microsoft has revealed that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is conducting advanced attacks against foreign diplomatic missions in Moscow by exploiting local internet service providers (ISPs). 

The threat actor, tracked by Microsoft as Secret Blizzard also known as Turla, Waterbug, and Venomous Bear has been observed using an adversary-in-the-middle (AiTM) position at the ISP level to deliver a custom malware strain called ApolloShadow. According to Microsoft, the attackers intercept and redirect embassy staff and other high-value targets to deceptive captive portals. 

These portals prompt victims to download what appears to be a legitimate Kaspersky antivirus update but is, in fact, a malware installer. Once executed, the malicious software adds a trusted root certificate, enabling the attackers to disguise harmful websites as safe, maintain persistence, and exfiltrate sensitive data. 

“This is the first time we can confirm Secret Blizzard’s ability to perform espionage at the ISP level in Russia,” Microsoft stated, warning that any diplomatic personnel using local telecommunications networks in Moscow are at heightened risk. 

While Microsoft detected the current wave of attacks in February 2025, the campaign has reportedly been active since at least 2024. Investigators believe the hackers are also exploiting Russia’s domestic interception framework, known as the System for Operative Investigative Activities (SORM), to scale their AiTM operations.

A Veteran Espionage Group with Unconventional Tactics Secret Blizzard has been active since at least 1996, targeting embassies, government bodies, and research institutions in over 100 countries. The group has been linked to the FSB’s Center 16 and to the now-dismantled Snake cyber-espionage network, taken down in a joint operation by the Five Eyes intelligence alliance. 

Turla’s past activities have included infiltrations against high-profile entities such as the U.S. Central Command, NASA, the Pentagon, several Eastern European ministries, the Finnish Foreign Ministry, and multiple EU governments. Known for their creativity, the hackers have hidden malware commands in Instagram photo comments, hijacked Iranian and Pakistani hacking infrastructure to mislead investigators, and targeted Ukrainian military networks connected to Starlink. 

Microsoft’s findings underline the significant cyber risks for foreign embassies and sensitive organisations operating in Russia, especially those reliant on local ISPs for connectivity.
Read more »
Ransomware
AI threats Cyber defense Cybersecurity Microsoft report Nation-State Attacks public-private cooperation Ransomware

Microsoft Warns of 600 Million Daily Cyberattacks and Sophisticated Nation-State Tactics

 

A new security report from Microsoft reveals a complex and evolving cyber landscape where cutting-edge technologies, state-sponsored activities, and organized crime are converging, posing unprecedented challenges. To combat these threats, a united global effort is more critical than ever.

According to Microsoft's 2024 Digital Defense Report, over 600 million cyberattacks by criminals and nation-states take place daily, targeting individuals, businesses, and governments worldwide.

A key finding of the 110-page report is the increasing sophistication of cyber threats. Both criminal organizations and state-sponsored actors are leveraging advanced technologies, including generative AI, to enhance their attacks. This technological evolution has made cyber defenses more difficult to maintain.

One of the report’s most concerning observations is the growing collaboration between cybercrime syndicates and nation-state groups. These partnerships are leading to the sharing of tools and techniques, further blurring the lines between criminal and government-backed cyber operations and creating more diverse and effective attack methods.

State-sponsored actors, particularly, are ramping up their cyber activities, motivated by goals ranging from financial gain to intelligence collection, with a strong focus on military targets. For example, Russian threat actors have outsourced parts of their cyber-espionage campaigns to criminal groups, targeting at least 50 Ukrainian military devices with malware. Meanwhile, Iranian actors have combined ransomware attacks with influence operations, and North Korean groups are developing new ransomware variants like FakePenny, aimed at aerospace and defense industries. Chinese cyber efforts remain consistent, continuing to target Taiwan and Southeast Asia.

With the U.S. presidential election approaching, the report raises concerns about foreign interference. Although the public conversation around this issue has quieted since 2020, Russia, Iran, and China are exploiting geopolitical tensions to undermine trust in democratic systems. Other hotspots for cyber activity include countries involved in military conflicts or regional disputes, such as Israel, Ukraine, the UAE, and Taiwan.

Microsoft stresses that addressing these growing threats requires collaboration between the public and private sectors, as well as advancements in policy and cybersecurity practices. Enhanced multi-factor authentication, attack surface reduction, and stronger protections for cloud infrastructure are increasingly essential as the cyber threat landscape continues to evolve.
Read more »
Subscribe to: Posts (Atom)