Technologist Mag
  • Home
  • Tech News
  • AI
  • Apps
  • Gadgets
  • Gaming
  • Guides
  • Laptops
  • Mobiles
  • Wearables
  • More
    • Web Stories
    • Trending
    • Press Release

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

What's On

Lava Blaze Dragon 5G With a 5,000mAh Battery Goes on Sale in India: Price, Offers

1 August 2025

14 Great Couches You Can Buy Online

1 August 2025

Amazon Great Freedom Festival Sale 2025: Best Deals on Headphones

1 August 2025

Amazon CEO Andy Jassy Wants to Place Advertisements in Multiturn Conversations With Alexa+

1 August 2025

Samsung Exynos 2600 Confirmed to Be the First Chipset Built on 2nm GAA Process

1 August 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Technologist Mag
SUBSCRIBE
  • Home
  • Tech News
  • AI
  • Apps
  • Gadgets
  • Gaming
  • Guides
  • Laptops
  • Mobiles
  • Wearables
  • More
    • Web Stories
    • Trending
    • Press Release
Technologist Mag
Home » The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
Tech News

The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

By technologistmag.com31 July 20253 Mins Read
Share
Facebook Twitter Reddit Telegram Pinterest Email

The Russian state hacker group known as Turla has carried out some of the most innovative hacking feats in the history of cyberespionage, hiding their malware’s communications in satellite connections or hijacking other hackers’ operations to cloak their own data extraction. When they’re operating on their home turf, however, it turns out they’ve tried an equally remarkable, if more straightforward, approach: They appear to have used their control of Russia’s internet service providers to directly plant spyware on the computers of their targets in Moscow.

Microsoft’s security research team focused on hacking threats today published a report detailing an insidious new spy technique used by Turla, which is believed to be part of the Kremlin’s FSB intelligence agency. The group, which is also known as Snake, Venomous Bear, or Microsoft’s own name, Secret Blizzard, appears to have used its state-sanctioned access to Russian ISPs to meddle with internet traffic and trick victims working in foreign embassies operating in Moscow into installing the group’s malicious software on their PCs. That spyware then disabled encryption on those targets’ machines so that data they transmitted across the internet remained unencrypted, leaving their communications and credentials like usernames and passwords entirely vulnerable to surveillance by those same ISPs—and any state surveillance agency with which they cooperate.

Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy, says the technique represents a rare blend of targeted hacking for espionage and governments’ older, more passive approach to mass surveillance, in which spy agencies collect and sift through the data of ISPs and telecoms to surveil targets. “This blurs the boundary between passive surveillance and actual intrusion,” DeGrippo says.

For this particular group of FSB hackers, DeGrippo adds, it also suggests a powerful new weapon in their arsenal for targeting anyone within Russia’s borders. “It potentially shows how they think of Russia-based telecom infrastructure as part of their toolkit,” she says.

According to Microsoft’s researchers, Turla’s technique exploits a certain web request browsers make when they encounter a “captive portal,” the windows that are most commonly used to gate-keep internet access in settings like airports, airplanes, or cafes, but also inside some companies and government agencies. In Windows, those captive portals reach out to a certain Microsoft website to check that the user’s computer is in fact online. (It’s not clear whether the captive portals used to hack Turla’s victims were in fact legitimate ones routinely used by the target embassies or ones that Turla somehow imposed on users as part of its hacking technique.)

By taking advantage of its control of the ISPs that connect certain foreign embassy staffers to the internet, Turla was able to redirect targets so that they saw an error message that prompted them to download an update to their browser’s cryptographic certificates before they could access the web. When an unsuspecting user agreed, they instead installed a piece of malware that Microsoft calls ApolloShadow, which is disguised—somewhat inexplicably—as a Kaspersky security update.

That ApolloShadow malware would then essentially disable the browser’s encryption, silently stripping away cryptographic protections for all web data the computer transmits and receives. That relatively simple certificate tampering was likely intended to be harder to detect than a full-featured piece of spyware, DeGrippo says, while achieving the same result.

Share. Facebook Twitter Pinterest LinkedIn Telegram Reddit Email
Previous ArticleEverything Announced At The July Nintendo Partner Direct
Next Article Qualcomm Said to be Developing Another High-End Chipset; Could Offer Snapdragon 8 Elite-Level Performance

Related Articles

14 Great Couches You Can Buy Online

1 August 2025

Palantir Is Extending Its Reach Even Further Into Government

1 August 2025

Top Surfshark Promo Codes for August 2025

1 August 2025

Measles Cases Are Soaring in Mexico

31 July 2025

Review: Asus Chromebook CX14

31 July 2025

The Best Cheap Headphones for $100 or Less

31 July 2025
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Don't Miss

14 Great Couches You Can Buy Online

By technologistmag.com1 August 2025

It’s hard shopping for an outdoor couch. You need to consider the material so that…

Amazon Great Freedom Festival Sale 2025: Best Deals on Headphones

1 August 2025

Amazon CEO Andy Jassy Wants to Place Advertisements in Multiturn Conversations With Alexa+

1 August 2025

Samsung Exynos 2600 Confirmed to Be the First Chipset Built on 2nm GAA Process

1 August 2025

Palantir Is Extending Its Reach Even Further Into Government

1 August 2025
Technologist Mag
Facebook X (Twitter) Instagram Pinterest
  • Privacy
  • Terms
  • Advertise
  • Contact
© 2025 Technologist Mag. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.