Cybersecurity experts from Microsoft Corp. have warned that Russian government hackers from the Turla or Secret Blizzard group have been disguising their malware as software from Russian cybersecurity company Kaspersky.
Cybersecurity experts from Microsoft Corp. have warned that Russian government hackers from the Turla or Secret Blizzard group have been disguising their malware as software from Russian cybersecurity company Kaspersky.
This is reported by Bloomberg, citing a Microsoft report. It indicates that hackers had access to Russian Internet providers, which they used to attack foreign embassies in Moscow. The hackers redirected Internet traffic from infected devices to collect intelligence data.
«Trusted brands are often used as bait without their knowledge or consent,» a Kaspersky spokesperson said in an official statement.
According to Microsoft, the attacks used malware known as ApolloShadow. It strips encryption from targets and turns their internet activity into clearly readable data, including access to web browsing and sensitive credentials.
Turla, or Secret Blizzard, has been operating for over 25 years and is considered one of the most dangerous in the world. The US government previously stated that this group is part of the Russian Federal Security Service. In 2023, the US Department of Justice dismantled an extensive network of computers that Turla used to attack victims around the world on behalf of the government in Moscow.
The sale of Kaspersky products was previously banned in the US after national security officials said the Russian government had influence over the company.
Earlier, a group of hackers linked to Russia’s foreign intelligence service gained access to the Gmail accounts of Western experts, journalists, and researchers studying Kremlin propaganda and aggression against Ukraine. They forced the victims to independently create and transmit passwords that bypassed the account protection.
