
Russian FSB hackers tracked foreign embassies in Moscow using local providers

FSB hackers monitored foreign embassies in Moscow (Illustrative photo: GettyImages)

An analytical report from Microsoft’s Threat Intelligence Unit indicates that the Russian cyber espionage group Turla is attempting to monitor foreign embassies in Moscow, according to Bloomberg.

According to Microsoft, the Turla group has organized a large-scale cyber espionage campaign using Russian internet providers to carry out hacks. The hackers disguised their malware as antivirus software from the Russian company Kaspersky.

Specifically, the hackers targeted foreign embassies by redirecting internet traffic and installing malware as part of what is likely an intelligence-gathering operation.

“Trusted brands are often exploited as lures without their knowledge or consent. We always recommend downloading applications only from official sources and verifying the authenticity of any communication claiming to be from trusted companies,” said a Kaspersky spokesperson.

The malware, called ApolloShadow, removes encryption from targeted data, enabling internet activity to be converted into readable information, including browsing history and confidential credentials.

According to Bloomberg, the hacking group has been active for over 25 years. The US considers it part of Russia’s Federal Security Service (FSB) and calls it one of the most resilient and sophisticated cyber groups worldwide. In 2023, the US Department of Justice announced the takedown of a global network of computers that Turla used to attack users worldwide on behalf of the Russian government.

Microsoft believes that Russian internal interception systems, notably the System for Operative-Investigative Activities (SORM), likely play a key role in enabling large-scale hacking operations. This system officially legalizes domestic surveillance in Russia, granting the FSB and other security and intelligence agencies access to monitor users.

Earlier, Bloomberg reported that Ukraine has become an easy target for Russian hackers due to reduced US cybersecurity assistance to the country.