Frozen in transit: Secret Blizzard's AiTM campaign against diplomats
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A Russian state actor known as Secret Blizzard has been conducting a cyberespionage campaign targeting embassies in Moscow using an adversary-in-the-middle (AiTM) technique. The campaign involves deploying custom ApolloShadow malware to maintain persistence on diplomatic devices for intelligence collection. Secret Blizzard exploits its position at the Internet Service Provider level to redirect targets through captive portals, tricking them into downloading and executing the malware. ApolloShadow installs root certificates, alters network settings, and creates an administrative user for persistent access. The campaign poses a significant risk to foreign embassies and diplomatic entities operating in Moscow, particularly those relying on local internet providers.
OPENCTI LABELS:
cyberespionage, aitm, root certificates, apolloshadow