Russia Uses ISPs to Spy on Diplomats, Warns Microsoft
bankinfosecurity
Russian Intelligence Tied to SSL Stripping Attacks Designed for Eavesdropping
Mathew J. Schwartz (euroinfosec) • August 4, 2025

Russian spies are surveilling foreign diplomats by installing malware at Moscow internet service providers, Microsoft warns.
The computing giant said Friday it has evidence that a Russian state actor it tracks as Secret Blizzard is using an adversary-in-the-middle technique to deploy a custom application known as ApolloShadow. The malware tricks devices into installing root web browser certificates by masquerading as software from Russian cybersecurity firm Kaspersky. That allows cyberspies to strip off web TLS encryption protections and capture web browsing activity, including certain identity tokens and credentials.
"This campaign, which has been ongoing since at least 2024, poses a high risk to foreign embassies, diplomatic entities and other sensitive organizations operating in Moscow, particularly to those ...
Copyright of this story solely belongs to bankinfosecurity.