Microsoft catches Russian hackers targeting foreign embassies
arstechnica.com
Russian-state hackers are targeting foreign embassies in Moscow with custom malware that gets installed using adversary-in-the-middle attacks that operate at the ISP level, Microsoft warned Thursday.
The campaign has been ongoing since last year. It leverages ISPs in that country, which are obligated to work on behalf of the Russian government. With the ability to control the ISP network, the threat group—which Microsoft tracks under the name Secret Blizzard—positions itself between a targeted embassy and the end points they connect to, a form of attack known as an adversary in the middle, or AitM. The position allows Secret Blizzard to send targets to malicious websites that appear to be known and trusted.
Objective: Install ApolloShadow
“While we previously assessed with low confidence that the actor conducts cyberespionage activities within Russian borders against foreign and domestic entities, this is the first time we can confirm that they have the ...
Copyright of this story solely belongs to arstechnica.com . To see the full text click HERE