Microsoft Uncovers Ongoing Russian Cyberespionage Campaign
Microsoft Threat Intelligence has exposed a cyberespionage operation, active since at least 2024, targeting foreign diplomatic missions and other sensitive organisations in Russia. The campaign delivers a custom malware family Microsoft calls ApolloShadow and is attributed to Secret Blizzard, a Russian state threat actor also tracked as Turla. Because the operator intercepts traffic at the internet-provider level, the campaign is a particular risk to anyone who relies on local internet and telecommunications services in the country.
Infection starts with a captive portal: when a device joins the network, the connectivity check Windows performs is redirected to an attacker-controlled page, which serves the ApolloShadow installer instead of the expected test response. Once run, the malware asks the user to grant elevated privileges through a standard User Account Control prompt. ApolloShadow checks whether it already holds elevation and adjusts its behaviour accordingly; with administrator rights it makes system-level changes, chief among them installing an attacker-controlled root certificate into the Windows trusted root store. With that certificate in place the operator can terminate TLS on the victim's behalf, read email and web sessions, and harvest credentials from traffic that would otherwise be encrypted.
Microsoft identified the campaign in February 2025 and published indicators of compromise (IoCs) so that organisations can hunt for it. The root certificate ApolloShadow installs is named to look like a Kaspersky Anti-Virus certificate, which makes it easy to overlook in a certificate store and gives the operator durable, low-noise access for espionage. Note that a rogue trusted root silently defeats certificate validation for every site visited from Chrome and Edge, which trust the Windows store directly; Firefox keeps its own store unless it is configured to import enterprise roots, so a complete audit must cover both. Delivery depends on an adversary-in-the-middle (AiTM) position at the ISP level, which is what allows Secret Blizzard to hijack the connectivity check in the first place; ER-Telecom, a Russian internet service provider, has been associated with the AiTM activity.
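As an added example (not code from the original article, nor from Microsoft or the threat actor), the two checks a defender would want for the attack chain described in the previous two paragraphs, written in Python so the same logic can run on data exported from any platform: classifying a captured response to the Windows connectivity probe, and auditing a root-store inventory against a golden-image baseline. The probe URL and expected body are the real ones Windows uses; every store entry, thumbprint, hostname and the reference date are constructed for illustration.

```python
"""Added example: detection logic for the two ApolloShadow stages described
above, a hijacked Windows connectivity probe and an unexpected trusted root.
Every record, thumbprint, hostname and date below is constructed."""
from datetime import date
from urllib.parse import urlparse

# The NCSI probe Windows issues when it joins a network: an HTTP GET to this
# URL must answer 200 with exactly this body, otherwise Windows assumes a
# captive portal and opens the redirect target in a browser.
NCSI_URL = "http://www.msftconnecttest.com/connecttest.txt"
NCSI_EXPECTED_BODY = "Microsoft Connect Test"

INSTALLER_SUFFIXES = (".exe", ".msi")


def classify_ncsi_response(status, headers, body):
    """Classify one captured response to the NCSI probe.

    A redirect is normal on a hotel or airport portal, so it is reported, not
    condemned; a redirect straight to an installer is the pattern described in
    the article and is flagged. A 200 whose body is not the probe text was
    answered by something other than Microsoft (portal or in-path injection).
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        if body.strip() == NCSI_EXPECTED_BODY:
            return {"verdict": "ok", "detail": "probe answered as expected"}
        return {"verdict": "intercepted",
                "detail": "200 but body is not the probe text"}
    if 300 <= status < 400 and "location" in hdrs:
        target = urlparse(hdrs["location"])
        host = (target.hostname or "").lower()
        if target.path.lower().endswith(INSTALLER_SUFFIXES):
            return {"verdict": "suspicious_download",
                    "detail": f"probe redirected to an installer on {host}"}
        return {"verdict": "captive_portal",
                "detail": f"probe redirected to {host}"}
    return {"verdict": "unexpected",
            "detail": f"HTTP {status} without a usable Location header"}


def audit_root_store(entries, baseline_thumbprints, today, max_age_days=90,
                     vendor_keywords=("kaspersky",)):
    """Flag trusted roots that are absent from a golden-image baseline.

    entries: dicts with Subject, Thumbprint and NotBefore (a datetime.date),
    as exported from the LocalMachine and CurrentUser Root stores.
    The baseline miss is the real signal; a recent issue date and a
    vendor-looking name are annotations, because a legitimate AV product
    may install such a root itself (in which case it is in the baseline).
    """
    baseline = {t.upper() for t in baseline_thumbprints}
    findings = []
    for e in entries:
        thumb = e["Thumbprint"].upper()
        if thumb in baseline:
            continue  # known-good from the golden image
        reasons = ["not in golden-image baseline"]
        age = (today - e["NotBefore"]).days
        if age <= max_age_days:
            reasons.append(f"root issued only {age} days ago")
        if any(k in e["Subject"].lower() for k in vendor_keywords):
            reasons.append("vendor-named root: confirm that product is "
                           "actually installed on this host")
        findings.append({"thumbprint": thumb, "subject": e["Subject"],
                         "reasons": reasons})
    return findings


# Constructed inventory: one long-standing public root that is in the
# baseline, and one freshly issued root with a security-vendor name, which is
# the scenario the article describes.
SAMPLE_ROOT_STORE = [
    {"Subject": "CN=Example Global Root CA, O=Example Trust Services",
     "Thumbprint": "A1" * 20, "NotBefore": date(2013, 8, 1)},
    {"Subject": "CN=Kaspersky Anti-Virus Root Certificate (constructed)",
     "Thumbprint": "B2" * 20, "NotBefore": date(2025, 2, 10)},
]
BASELINE_THUMBPRINTS = {"A1" * 20}
SAMPLE_TODAY = date(2025, 3, 1)  # constructed reference date for the audit

if __name__ == "__main__":
    print(classify_ncsi_response(
        302, {"Location": "http://portal.example/setup.exe"}, ""))
    for f in audit_root_store(SAMPLE_ROOT_STORE, BASELINE_THUMBPRINTS,
                              SAMPLE_TODAY):
        print(f["thumbprint"], f["subject"], "; ".join(f["reasons"]))
```

On Windows the inventory for the audit comes from `Get-ChildItem Cert:\LocalMachine\Root | Select-Object Subject,Thumbprint,NotBefore | ConvertTo-Json` (repeat for `Cert:\CurrentUser\Root`, and remember that Firefox keeps a separate store), with NotBefore parsed into a date before it is fed in. For near real-time detection rather than periodic audit, a root added to the machine store creates a new key under `HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<thumbprint>`, which Sysmon registry events (Event ID 12 and 13) can surface.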
The ApolloShadow campaign, active since at least 2024 and still ongoing, is a serious threat to diplomatic missions and sensitive organisations in Russia, and Microsoft's published IoCs give defenders something concrete to hunt for. Organisations with staff in the country should treat the local network path as hostile: Microsoft's guidance is to route all traffic through an encrypted tunnel to a trusted network before any other connection is made. Beyond that, users should refuse unexpected elevation prompts that appear right after joining a network, and endpoint teams should audit the trusted root stores on Windows devices against a known-good baseline and alert on any newly added root.