Microsoft has accused Russia's premier intelligence agency, the FSB, of having secretly initiated a cyber-espionage campaign against embassies and diplomatic missions in Moscow by hacking into local internet service providers.
In a Thursday blog post, Microsoft's Threat Intelligence team exposed how the FSB has been running this operation since at least early 2024. By infiltrating ISPs, hackers can deploy malware and listen in on diplomatic networks undetected. The operation poses an extreme threat to any foreign entity using Russian telecom services.
Also Read: Microsoft Servers Under Global Cyberattack, Over 10,000 Organizations at Risk
This is the first public indication that Russia's security agencies are surveilling through internet providers themselves. Microsoft reported that the attackers deploy custom backdoors on targeted systems so that they can further deploy malware and steal sensitive information.
As reported by Microsoft, an attack in February targeted a number of foreign embassies in Moscow, though no names were given to the affected countries. The espionage group responsible for the activity has been dubbed "Secret Blizzard" by Microsoft, and "Turla" within the larger cybersecurity space.
"Secret Blizzard" has operated for almost two decades, once connected to cyberattacks on reporters, governments, and political dissidents. In May 2023, the US government openly acknowledged its affiliation with the FSB.
The report breaks at a charged moment, with the US pressing Moscow to end the fighting in Ukraine while NATO countries boost defense budgets. The incident raises pressing questions about diplomatic cybersecurity in hostile environments.
The US State Department and Russian authorities have yet to comment on the report. Moscow has continued to deny any role in state-sponsored hacking campaigns.
With the possibility of embassies being compromised through typical online activity, the revelations are a chilling warning: in Moscow, even your ISP may be monitoring you.
