Russia's Secret Blizzard APT Group Targets Embassies With ApolloShadow Malware
A serious cybersecurity threat has been uncovered, targeting foreign embassies in Moscow. The Russia-linked advanced persistent threat (APT) group Secret Blizzard has been deploying custom malware called ApolloShadow since at least 2024. The campaign poses a significant risk to diplomatic missions worldwide.
Secret Blizzard has been using an adversary-in-the-middle (AiTM) technique at the internet service provider (ISP) level. This allows the group to intercept and manipulate internet traffic, redirecting users to a fake captive portal. Unsuspecting victims are then tricked into downloading the ApolloShadow malware.
ApolloShadow's tactics adapt to the level of privileges it is granted. If elevated privileges are given, the malware makes system-level changes to maintain long-term control, allowing its operations to continue. In one instance, ApolloShadow installed a fake Kaspersky Anti-Virus trusted root certificate, further disguising its presence. The Russian ISP involved in this attack has not been explicitly named.
The ApolloShadow campaign, active since at least 2024, continues to pose a serious threat to diplomatic missions. Its ability to adapt and maintain long-term access makes it a significant concern. Security experts urge vigilance and recommend regular software updates and strong cybersecurity practices to protect against such malware threats.
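The fake trusted root certificate is the artefact a defender can audit for. The following PowerShell script is an added example, not code from the article or from any vendor report: it records a baseline of the Windows Trusted Root stores on a known-clean host and, on later runs, reports any root certificate that was not in the baseline. The baseline path is an assumed location; adjust it to your environment.

```powershell
# Added example: detect newly added trusted root certificates on Windows.
# Run in an elevated PowerShell session so the LocalMachine store is readable.
# $BaselinePath is an assumed location, not one taken from the article.
$BaselinePath = 'C:\ProgramData\RootStoreBaseline.csv'

# Both stores are checked: a low-privilege install can still add a root for
# the current user, which browsers and the OS will trust for that user.
$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Get-RootStoreSnapshot {
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store | ForEach-Object {
            [PSCustomObject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
            }
        }
    }
}

if (-not (Test-Path $BaselinePath)) {
    # First run on a known-clean host: record the baseline and stop.
    Get-RootStoreSnapshot | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline written to $BaselinePath"
    return
}

$known = @{}
foreach ($c in (Import-Csv -Path $BaselinePath)) {
    $known["$($c.Store)|$($c.Thumbprint)"] = $true
}

# Anything present now but absent from the baseline is a new root of trust.
$added = Get-RootStoreSnapshot |
    Where-Object { -not $known.ContainsKey("$($_.Store)|$($_.Thumbprint)") }

if (-not $added) {
    Write-Output 'No new trusted root certificates since baseline.'
    return
}

# Roots are self-signed by nature, so self-signature alone is not suspicious;
# what matters is that the root is new and was not deployed by your own
# Group Policy, MDM or software inventory. Verify each hit against those records.
$added | Select-Object Store, Thumbprint, Subject, NotBefore | Format-Table -AutoSize
```

Run the script on a schedule and forward any reported additions to your SIEM; a root certificate that names a security vendor but was not deployed through your own management channel deserves immediate investigation.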