Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.

Microsoft Security Blog

Microsoft Threat Intelligence has uncovered a #CyberEspionage campaign by the #Russian state actor tracked as #SecretBlizzard that targets embassies located in Moscow using an AiTM position at the ISP level to deploy custom #ApolloShadow #malware.

🔗 https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/

Microsoft catches Russian hackers targeting foreign embassies https://arstechni.ca/sdF8 #secretblizzard #embassies #Security #Biz&IT #russia #apts
Microsoft catches Russian hackers targeting foreign embassies

End goal is the installation of a malicious TLS root certificate for use in intel gathering.

Ars Technica
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog

Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2.

Microsoft Security Blog
#Russian cyber-espionage group Turla, aka " #SecretBlizzard," is utilizing other threat actors' infrastructure to target Ukrainian military devices connected via Starlink. #CyberAttacks
#UkraineRussiaWar https://www.bleepingcomputer.com/news/security/russian-turla-hackers-hit-starlink-connected-devices-in-ukraine/
Russian Turla hackers hit Starlink-connected devices in Ukraine

Russian cyber-espionage group Turla, aka "Secret Blizzard," is utilizing other threat actors' infrastructure to target Ukrainian military devices connected via Starlink.

BleepingComputer

The Russian nation-state actor Secret Blizzard infiltrates other threat actors to use their infrastructure and tools for their own purposes.

In part 1 of this blog series, Microsoft Threat Intelligence discusses how Secret Blizzard has used the infrastructure of the Pakistan-based threat activity cluster we call Storm-0156.

https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/

#malware #secretblizzard #infosec #cybersecurity #threatintelligence #microsoft

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog

Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.

Microsoft Security Blog
Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years.

Security Affairs