By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > Gadget > The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
Gadget

The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

News Room
Last updated: 2025/07/31 at 12:09 PM
News Room Published 31 July 2025
Share
SHARE

The Russian state hacker group known as Turla has carried out some of the most innovative hacking feats in the history of cyberespionage, hiding their malware’s communications in satellite connections or hijacking other hackers’ operations to cloak their own data extraction. When they’re operating on their home turf, however, it turns out they’ve tried an equally remarkable, if more straightforward, approach: They appear to have used their control of Russia’s internet service providers to directly plant spyware on the computers of their targets in Moscow.

Microsoft’s security research team focused on hacking threats today published a report detailing an insidious new spy technique used by Turla, which is believed to be part of the Kremlin’s FSB intelligence agency. The group, which is also known as Snake, Venomous Bear, or Microsoft’s own name, Secret Blizzard, appears to have used its state-sanctioned access to Russian ISPs to meddle with internet traffic and trick victims working in foreign embassies operating in Moscow into installing the group’s malicious software on their PCs. That spyware then disabled encryption on those targets’ machines so that data they transmitted across the internet remained unencrypted, leaving their communications and credentials like usernames and passwords entirely vulnerable to surveillance by those same ISPs—and any state surveillance agency with which they cooperate.

Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy, says the technique represents a rare blend of targeted hacking for espionage and governments’ older, more passive approach to mass surveillance, in which spy agencies collect and sift through the data of ISPs and telecoms to surveil targets. “This blurs the boundary between passive surveillance and actual intrusion,” DeGrippo says.

For this particular group of FSB hackers, DeGrippo adds, it also suggests a powerful new weapon in their arsenal for targeting anyone within Russia’s borders. “It potentially shows how they think of Russia-based telecom infrastructure as part of their toolkit,” she says.

According to Microsoft’s researchers, Turla’s technique exploits a certain web request browsers make when they encounter a “captive portal,” the windows that are most commonly used to gate-keep internet access in settings like airports, airplanes, or cafes, but also inside some companies and government agencies. In Windows, those captive portals reach out to a certain Microsoft website to check that the user’s computer is in fact online. (It’s not clear whether the captive portals used to hack Turla’s victims were in fact legitimate ones routinely used by the target embassies or ones that Turla somehow imposed on users as part of its hacking technique.)

By taking advantage of its control of the ISPs that connect certain foreign embassy staffers to the internet, Turla was able to redirect targets so that they saw an error message that prompted them to download an update to their browser’s cryptographic certificates before they could access the web. When an unsuspecting user agreed, they instead installed a piece of malware that Microsoft calls ApolloShadow, which is disguised—somewhat inexplicably—as a Kaspersky security update.

That ApolloShadow malware would then essentially disable the browser’s encryption, silently stripping away cryptographic protections for all web data the computer transmits and receives. That relatively simple certificate tampering was likely intended to be harder to detect than a full-featured piece of spyware, DeGrippo says, while achieving the same result.

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Will there be a total solar eclipse on August 2? We have the answer
Next Article Thumby Color micro-review: a delightfully tiny GBA clone that doesn’t play Nintendo
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

JLab JBuds Sport ANC 4 Review
Gadget
Pixel 10 Pro: Is it Just About the Tensor G5?
News
OpenAI and London’s Nscale to build massive European data centre – UKTN
News
OpenAI partners with Broadcom and TSMC for AI Chips: report · TechNode
Computing

You Might also Like

Gadget

JLab JBuds Sport ANC 4 Review

12 Min Read
Gadget

The Seiko Prospex Alpinist ‘Night Sky’ might be my favourite model yet | Stuff

2 Min Read
Gadget

The Best Fitness Trackers and Watches for Everyone

10 Min Read
Gadget

Samsung TV not working? You’re not alone

3 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?