
Microsoft catches Russian hackers targeting foreign embassies


End goal is the installation of a malicious TLS root certificate for use in intel gathering.

With the ability to control the ISP network, the threat group—which Microsoft tracks under the name Secret Blizzard—positions itself between a targeted embassy and the endpoints it connects to, a form of attack known as adversary-in-the-middle, or AitM. “While we previously assessed with low confidence that the actor conducts cyberespionage activities within Russian borders against foreign and domestic entities, this is the first time we can confirm that they have the capability to do so at the Internet Service Provider (ISP) level,” members of the Microsoft Threat Intelligence team wrote. These portals are widely used in legitimate settings to manage Internet access at hotels and airports by requiring newly connected users to authenticate themselves, provide payment card information, or accept terms of service.

Read this on ArsTechnica
