Secret Blizzard Strikes Moscow with ApolloShadow

Amber | Attack Report
The Russian state-sponsored group Secret Blizzard is running a targeted cyber-espionage operation against diplomats in Moscow. By leveraging an adversary-in-the-middle (AiTM) position, likely made possible through cooperation with local internet service providers, they intercept network traffic and redirect victims to a deceptive captive portal. There, targets are tricked into downloading a fake Kaspersky Anti-Virus installer that silently drops ApolloShadow malware. This malware installs a rogue trusted root certificate, allowing the attackers to maintain long-term access and intercept encrypted communications. Secret Blizzard also uses stealthy techniques to map networks, evade defenses, and extract sensitive intelligence without being detected.
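A defender-side check for the rogue-root-certificate step described above, added here as an example and not part of the advisory or any HiveForce Labs tooling: it baselines the Windows trusted root stores and reports any root that has appeared since, which is how a certificate dropped by a fake installer would surface. The baseline path and script name are assumptions.

```powershell
# Check-RootStore.ps1 (hypothetical name). First run writes a baseline of the
# trusted root stores; later runs diff the live stores against it.
param(
    [string]$Baseline = "$env:ProgramData\root-baseline.json"   # assumed path
)

# Both stores matter: LocalMachine\Root needs admin rights to modify,
# CurrentUser\Root does not, so user-level malware often targets the latter.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$current = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            NotBefore  = $_.NotBefore
            NotAfter   = $_.NotAfter
            SelfSigned = ($_.Subject -eq $_.Issuer)
        }
    }
}

if (-not (Test-Path $Baseline)) {
    $current | ConvertTo-Json -Depth 3 | Set-Content -Path $Baseline
    Write-Host "Baseline written to $Baseline ($($current.Count) roots)."
    return
}

# Key each entry by store + thumbprint so the same CA in two stores is distinct.
$known = (Get-Content $Baseline -Raw | ConvertFrom-Json) |
         ForEach-Object { "$($_.Store)|$($_.Thumbprint)" }

$new = $current | Where-Object { $known -notcontains "$($_.Store)|$($_.Thumbprint)" }

if (-not $new) { Write-Host "No new trusted roots since baseline."; return }

foreach ($c in $new) {
    # Report enough detail to pivot into installer and event-log investigation.
    $age = ((Get-Date) - $c.NotBefore).Days
    $msg = "NEW ROOT in $($c.Store): $($c.Subject) | issuer: $($c.Issuer) | " +
           "issued $age days ago | self-signed: $($c.SelfSigned) | $($c.Thumbprint)"
    Write-Warning $msg
}
```

Run the script once on a known-good host to create the baseline, then schedule it; the same stores are also backed by the registry keys under HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates and HKCU\Software\Microsoft\SystemCertificates\Root\Certificates, which can be watched for writes by an EDR or Sysmon rule.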
