Microsoft says Russian hackers are planting fake antivirus software in embassy attacks
techradar.com
- Microsoft uncovers cyber espionage attacks targeting diplomats
- Embassies within Russia are being hit with malware
- The threat actors are using adversary-in-the-middle attacks
Foreign embassies in Moscow are being targeted by Russian state hackers, who are using custom malware tracked as ApolloShadow, disguised as Kaspersky antivirus software, new reports have claimed.
The end goal of the attacks is to install a TLS root certificate, which allows the threat actor to ‘cryptographically impersonate’ trusted websites visited by the infected system inside the embassy, Microsoft Threat Intelligence reports.
“This campaign, which has been ongoing since at least 2024, poses a high risk to foreign embassies, diplomatic entities, and other sensitive organizations operating in Moscow, particularly to those entities who rely on local internet providers,” the experts noted.


