The Russian state-sponsored group Secret Blizzard is running a targeted cyber-espionage operation against diplomats in Moscow. From an adversary-in-the-middle (AiTM) position, likely obtained through cooperation with local internet service providers, the group intercepts victims' network traffic and redirects them to a deceptive captive portal. There, targets are tricked into downloading a fake Kaspersky Anti-Virus installer that silently drops the ApolloShadow malware. ApolloShadow installs a rogue certificate into the host's trusted root store, so TLS certificates the attackers forge for any site chain to a trusted root and raise no browser or application warnings; combined with the AiTM position, this lets the group decrypt the victim's encrypted communications and maintain long-term access. Secret Blizzard also uses stealthy techniques to map networks, evade defenses, and extract sensitive intelligence without being detected.
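The practical check a defender wants after reading this is whether a root certificate has been added to a host that should not be there. The PowerShell below is an added example, not code from HivePro or from the Microsoft report this summary describes; it audits both Windows root stores against a baseline thumbprint list captured on a known-good host (the baseline file path and the 30-day recency window are assumptions you can adjust).

```powershell
# Added example (not HivePro's or Microsoft's code): flag root-store entries
# that are missing from a known-good baseline or were issued recently.
# Assumption: one thumbprint per line in the baseline file below.
$BaselinePath = 'C:\Baseline\root-thumbprints.txt'
$Baseline = if (Test-Path $BaselinePath) { Get-Content $BaselinePath } else { @() }

# A rogue root can live in either store; CurrentUser\Root does not need admin rights.
$Stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$RecentCutoff = (Get-Date).AddDays(-30)   # assumption: tune to your patch cadence

$Findings = foreach ($Store in $Stores) {
    Get-ChildItem -Path $Store | ForEach-Object {
        $Cert = $_
        $Reasons = @()
        if ($Baseline -notcontains $Cert.Thumbprint) { $Reasons += 'not in baseline' }
        if ($Cert.NotBefore -gt $RecentCutoff)        { $Reasons += 'issued in last 30 days' }
        # Every root is self-signed; a subject that does not match a known CA name is worth a look.
        if ($Cert.Subject -ne $Cert.Issuer)           { $Reasons += 'subject/issuer mismatch' }
        if ($Reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $Store
                Subject    = $Cert.Subject
                Thumbprint = $Cert.Thumbprint
                NotBefore  = $Cert.NotBefore
                NotAfter   = $Cert.NotAfter
                Reason     = ($Reasons -join '; ')
            }
        }
    }
}

if ($Findings) {
    $Findings | Sort-Object NotBefore -Descending | Format-Table -AutoSize
} else {
    Write-Output 'No root-store entries outside the baseline.'
}
```

Run it on a suspect host, then verify any flagged entry manually with `Get-ChildItem Cert:\LocalMachine\Root\<thumbprint> | Format-List *`. To build the baseline, run `Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root | Select-Object -ExpandProperty Thumbprint` on a freshly provisioned machine and store the output; removing a confirmed rogue root with `Remove-Item` closes the interception path, but the host should still be treated as compromised because the installer that added it ran with the user's privileges.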