Microsoft Reports on Russian Cyberattacks on Foreign Embassies

• The Russian hacker group Turla is conducting cyber operations against embassies.
• They are using malicious software to collect data.
• Microsoft confirmed that the attacks have been ongoing since 2024.

Microsoft has announced that the Russian hacker group, known as Turla or Secret Blizzard, is carrying out cyber operations against foreign embassies in Moscow. According to a report published on July 31, 2025, the hackers are utilizing Russian Internet providers to conduct the attacks.

Microsoft stated that this campaign has been ongoing since 2024 and poses a high risk for diplomatic missions. The hackers mask their malicious software under the production of Kaspersky Lab, which allows them to intercept Internet traffic of victims and install malicious software for data collection.

It is known that the malicious software, known as ApolloShadow, can decrypt computer information that makes activity on the Internet easily readable, including web browsing and confidential information.

Microsoft did not disclose the names of the embassies that have been targeted. However, according to analysts, for conducting such large-scale operations, hackers may utilize Russian interception systems, such as the SORM system, which allows the FSB and other law enforcement agencies to conduct surveillance.

This situation is occurring against the backdrop of increasing tensions from Washington towards Moscow regarding the ongoing war in Ukraine and NATO's commitment to increase defense spending in connection with concerns about Russia.

Russia denies involvement in cyber operations, and no comments regarding Microsoft's statement have been received from Moscow.

Tags: Russia/Politics/Technology