One of the Russian government’s premier cyber espionage units is deploying malware against embassies and diplomatic organizations in Moscow by leveraging local internet service providers, Microsoft said.
The analysis confirms for the first time that Russia’s Federal Security Service, also known as the FSB, is conducting cyber espionage at the ISP level, according to findings from Microsoft Threat Intelligence.
“Microsoft is now certain that this activity is happening within Russian borders,” Microsoft's director of Threat Intelligence Strategy, Sherrod DeGrippo, told Reuters.
Microsoft’s findings come amid increasing pressure from Washington for Moscow to agree to a ceasefire in its war in Ukraine and pledges from NATO countries to increase defence spending surrounding their own concerns about Russia.
The analysis tracks an FSB cyber espionage campaign that in February targeted unnamed foreign embassies in Moscow.
The FSB activity facilitates the installation of custom backdoors on targeted computers, which can be used to install additional malware as well as steal data.
Reuters could not determine which embassies were targeted.
The US State Department did not respond to a request for comment.
Russian diplomats did not immediately respond to a request for comment. Moscow routinely denies carrying out cyber espionage operations.
The hacking unit linked to the activity, which Microsoft tracks as “Secret Blizzard” and others categorize as “Turla,” has been hacking governments, journalists and others for nearly 20 years, the US government said in May 2023 after the FBI disrupted one of its long-running operations.
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Local Government Focus Day Western Australia
Digital Leadership Day Western Australia
Government Cyber Security Showcase Western Australia
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
