Foreign Embassies and Diplomats in Moscow at Risk: Microsoft Accuses Russia's FSB of Employing Malware
In a significant revelation, Microsoft has accused Russia's Federal Security Service (FSB) of conducting a sophisticated cyber-espionage campaign targeting foreign embassies and diplomatic organizations in Moscow. The tech giant's accusations suggest that the FSB has been using local internet service providers (ISPs) to facilitate malware attacks and data theft.
Microsoft's findings indicate that in February 2025 the hacking unit behind the activity, tracked as "Secret Blizzard" and also known as "Turla," used its position inside local ISP infrastructure to redirect the embassies' internet traffic and deliver malware to their systems. Because the tampering happened on the network path rather than at the endpoint, the espionage tools could be installed without raising alarms on the victim machines. The group, believed to be an elite unit within the FSB with a long history of targeting governments and journalists worldwide, relies on custom backdoors; the one seen in this campaign is a backdoor Microsoft calls ApolloShadow. ApolloShadow installs a root certificate that the victim machine then trusts, which lets the on-path attackers decrypt the victim's otherwise encrypted web traffic and harvest sensitive information, including browser history and credentials.
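The interception described above succeeds because ordinary certificate validation passes once the attacker's root is trusted by the victim. One defensive check a network or security team can run from an embassy workstation is to pin the certificate it expects for a few high-value hosts and to refuse chains that are signed by an issuer it does not recognise. The script below is an added example written for this article; it is not code from Microsoft's report or from the campaign. All host names, fingerprints and issuer names in it are constructed placeholders, and `observe_leaf` is a hypothetical helper that fetches the certificate the network actually serves.

```python
"""Added example: pin-and-issuer check for on-path TLS interception.

When an attacker on the network path terminates TLS with a certificate
signed by a root they have planted on the victim, standard validation
succeeds. Comparing the served leaf certificate against a fingerprint
recorded out of band, and checking who signed it, catches that case.
Every host name, fingerprint and issuer name here is constructed.
"""
import hashlib
import socket
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class ObservedCert:
    """One certificate as seen on the wire: the name it carries, the name
    of its signer, and the SHA-256 fingerprint of its DER encoding."""
    subject_cn: str
    issuer_cn: str
    fingerprint_sha256: str


# Constructed pin table: host -> fingerprints of leaf certificates the
# organisation recorded itself from a network it trusts (hypothetical values).
PINNED_LEAVES = {
    "mail.example-mission.int": {
        "3a8b" + "0" * 60,   # current certificate (hypothetical)
        "9f21" + "0" * 60,   # rollover certificate (hypothetical)
    },
}

# Constructed allow-list of issuer names expected at the top of the chain
# the client can observe (hypothetical CA names).
EXPECTED_ISSUERS = {"Example Global Root G2", "Example Public Root R1"}


def check_chain(host, chain, pins=PINNED_LEAVES, issuers=EXPECTED_ISSUERS):
    """Return a list of findings for the observed chain; an empty list means
    the leaf matches a pin and the top of the chain has an expected signer.

    `chain` is ordered leaf first. With a leaf-only observation the issuer
    check covers the leaf's signer, which is exactly what an interception
    CA planted on the victim would be."""
    findings = []
    if not chain:
        return ["empty chain"]
    leaf, top = chain[0], chain[-1]
    if host not in pins:
        findings.append(f"no pin recorded for {host}; cannot verify leaf")
    elif leaf.fingerprint_sha256.lower() not in pins[host]:
        findings.append("leaf fingerprint does not match any pinned value")
    if top.issuer_cn not in issuers:
        findings.append(f"chain is signed by unexpected issuer '{top.issuer_cn}'")
    return findings


def observe_leaf(host, port=443, timeout=5.0):
    """Hypothetical live helper: fetch the leaf certificate the network
    serves for `host`. Validation is left on deliberately: if a planted
    root is trusted by the OS store, validation passes and only the pin
    and issuer comparison reveals the interception."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    # getpeercert() returns RDNs as nested tuples; collapse single-valued ones.
    subject = dict(rdn[0] for rdn in info["subject"]).get("commonName", "")
    issuer = dict(rdn[0] for rdn in info["issuer"]).get("commonName", "")
    return ObservedCert(subject, issuer, hashlib.sha256(der).hexdigest())


def demo():
    """Run the check on a constructed interception scenario (offline)."""
    intercepted = [ObservedCert("mail.example-mission.int",
                                "Hypothetical Intercept CA",
                                "c0de" + "0" * 60)]
    return check_chain("mail.example-mission.int", intercepted)


if __name__ == "__main__":
    for finding in demo():
        print("ALERT:", finding)
```

The pin table has to be recorded from a network the organisation trusts, not from the Moscow ISP link itself, and it needs updating on certificate rollover, which is why the example allows more than one fingerprint per host. On Windows the same idea applies to the trust store: a baseline of installed root certificates taken before deployment, compared periodically against the live store, shows a root that was added after the fact.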
The disclosure has added to international pressure on Russia at a time of heightened geopolitical tension over the war in Ukraine and NATO's response of increased defense commitments. Microsoft has not publicly identified the specific embassies affected. That Russian cyber operations target diplomatic missions even inside Russian territory underscores the risk to foreign embassies, diplomatic entities, and other sensitive organizations operating in Moscow.
In short, Microsoft's disclosure describes an FSB espionage operation that compromised embassy networks in Moscow with malware delivered through ISP-level interception, and the company states that the FSB is conducting cyber-espionage at that level of the network. The custom backdoors installed in this way can be used to install additional malware and steal data.
The US government has been aware of the hacking unit's activities for nearly 20 years, with the Department of State previously stating that Turla has been hacking governments, journalists, and others globally. The US government made this statement in May 2023.
Russia has denied carrying out cyber-espionage operations. The US Department of State, as well as Russian diplomats, did not respond to requests for comment from the Reuters news agency.
This revelation comes amid increasing pressure from Washington for Moscow to agree to a ceasefire in its war in Ukraine. The specific implications for diplomatic security and international relations as a result of this cyber-espionage operation are yet to be fully understood.
Microsoft's disclosure draws attention to the role local internet service providers can play in delivering malware and enabling data theft, and to the difficulty of defending against an adversary positioned on the network path itself. It is a reminder that cybersecurity is inseparable from diplomacy and politics, particularly in periods of high geopolitical tension such as the ongoing war in Ukraine, and it poses a lasting challenge to diplomatic security and international relations.