Microsoft says cyber-espionage campaign ‘poses high risk’ to foreign embassies, diplomats and other groups in Moscow.
Microsoft has accused one of the Russian government’s premier cyber-espionage units of deploying malware against embassies and diplomatic organisations in Moscow by leveraging local internet service providers.
In a blog post on Thursday, Microsoft Threat Intelligence said the campaign by Russia’s Federal Security Service, also known as the FSB, “has been ongoing since at least 2024”.
The effort “poses a high risk to foreign embassies, diplomatic entities, and other sensitive organizations operating in Moscow, particularly to those entities who rely on local internet providers”, Microsoft said.
The analysis confirms for the first time that the FSB is conducting cyber-espionage at the ISP level, according to Microsoft’s findings.
“This means that diplomatic personnel using local ISP or telecommunications services in Russia are highly likely targets of (the campaign) within those services,” the blog post reads.
Microsoft tracked an alleged FSB cyber-espionage campaign that in February targeted unnamed foreign embassies in Moscow.
The FSB activity facilitates the installation of custom backdoors on targeted computers, which can be used to install additional malware, as well as steal data, Microsoft said.
The findings come amid increasing pressure from Washington for Moscow to agree to a ceasefire in its war in Ukraine and pledges from NATO countries to increase defence spending surrounding their own concerns about Russia.
Microsoft did not say which embassies were targeted by the FSB campaign.
The US Department of State, as well as Russian diplomats, did not respond to requests for comment from the Reuters news agency.
Russia has denied carrying out cyber-espionage operations. There was no immediate comment from Moscow on Microsoft’s report on Thursday.
The hacking unit linked to the activity, which Microsoft tracks as “Secret Blizzard” and others categorise as “Turla”, has been hacking governments, journalists and others for nearly 20 years, the US government said in May 2023.
