• MS says Russian hackers a

    From Mike Powell@1:2320/105 to All on Fri Aug 1 07:23:19 2025
    Microsoft says Russian hackers are planting fake antivirus software in
    embassy attacks

    Date:
    Fri, 01 Aug 2025 10:28:44 +0000

    Description:
    The hackers are using custom malware to target foreign governments.

    FULL STORY

    Foreign embassies in Moscow are being targeted by Russian state hackers, who are using custom malware tracked as ApolloShadow, disguised as Kaspersky antivirus software, new reports have claimed.

    The attacks have the end goal of installing a TLS root certificate which allows the threat actor to cryptographically impersonate trusted websites visited by the infected system inside the embassy, Microsoft Threat Intelligence reports.

    "This campaign, which has been ongoing since at least 2024, poses a high risk to foreign embassies, diplomatic entities, and other sensitive organizations operating in Moscow, particularly to those entities who rely on local internet providers," the experts noted.

    Secret Blizzard

    This cyber espionage campaign targeting diplomats and embassies uses what's known as an adversary-in-the-middle (AiTM) attack, which occurs when hackers intercept and alter communications between two parties without their knowledge.

    These frequently leverage other attack vectors like social engineering emails or messages to create conditions in which an attacker can intercept and manipulate the communications between users and the legitimate services they use, then stealing credentials and authenticated access tokens.

    The notorious threat actor, Secret Blizzard, has previously been observed hacking Ukrainian military tech by stealing points of entry from third parties. The group is one of the most sophisticated and most prolific state-sponsored threat actors in the world.

    Microsoft previously assessed with low confidence that Secret Blizzard was conducting cyberespionage within Russian borders against its adversaries, but the company now confirms that they have the capability to carry these out on the Internet Service Provider (ISP) level.

    This means diplomats using local ISP or telecommunications within Russia are highly likely targets of Secret Blizzard's AiTM position within those services.

    "In our previous blog, we reported the actor likely leverages Russia's domestic intercept systems such as the System for Operative Investigative Activities (SORM), which we assess may be integral in facilitating the actor's current AiTM activity, judging from the large-scale nature of these operations," Microsoft confirmed.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-says-russian-hackers-are-planting-fake-antivirus-software-in-embassy-attacks

    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
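The attack described above hinges on getting a rogue root certificate into the victim's trust store. As an added defensive example (not part of the news story, Microsoft's report, or any ApolloShadow analysis), the PowerShell script below records a baseline of the Windows root stores and later flags any root certificate that was not present when the baseline was taken; the baseline path is a placeholder.

```powershell
# Added example: baseline the Windows trusted-root stores and flag any root
# certificate that was not present when the baseline was recorded.
# Run once with -Baseline to capture the known-good state, then run periodically without it.
param(
    [string]$BaselinePath = "C:\ProgramData\RootBaseline\roots.json",  # placeholder path
    [switch]$Baseline
)

# Both stores matter: a per-user install is enough for browsers to trust the certificate.
$stores = @("Cert:\LocalMachine\Root", "Cert:\CurrentUser\Root")

function Get-RootInventory {
    foreach ($store in $stores) {
        Get-ChildItem -Path $store | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint          # SHA-1 thumbprint as Windows displays it
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
    }
}

$current = @(Get-RootInventory)

if ($Baseline) {
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
    Write-Host "Recorded $($current.Count) root certificates to $BaselinePath"
    return
}

if (-not (Test-Path $BaselinePath)) { throw "No baseline at $BaselinePath; run with -Baseline first." }
$known     = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
$knownKeys = $known | ForEach-Object { "$($_.Store)|$($_.Thumbprint)" }

# Any root present now but absent from the baseline deserves a ticket and a look at who installed it.
$new = $current | Where-Object { $knownKeys -notcontains "$($_.Store)|$($_.Thumbprint)" }

if ($new) {
    Write-Warning "$($new.Count) root certificate(s) not in baseline:"
    $new | Format-Table Store, Thumbprint, Subject, NotAfter -AutoSize
    exit 1
} else {
    Write-Host "Root stores match baseline ($($current.Count) certificates)."
}
```

Pair the diff with the Windows CAPI2 operational log or an EDR rule on writes to the root store registry keys so that a newly planted root is caught at install time rather than on the next scheduled run.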
