Russian hacker group using Internet service providers to spy on foreign embassies
August 2, 2025 3 Comments
A HACKER GROUP LINKED to Russia’s Federal Security Service (FSB) has compromised Russia’s domestic internet infrastructure and is using it to target foreign diplomats stationed in Russia. According to a report, published last week by Microsoft Threat Intelligence, the hacker group behind this operation is Turla, also known as Snake, Venomous Bear, Group 88, Waterbug, and Secret Blizzard. Analysts have linked the group with “some of the most innovative hacking feats in the history of cyberespionage”.
Turla began its attempt to compromise a host of Russian internet service providers in February, according to Microsoft’s report. The group’s apparent goal has been to gain access to the software that enables Russian security agencies to legally intercept internet traffic, following the issuance of warrants by judges. This software is governed by Russia’s System for Operative Investigative Activities (SORM), which became law in 1995, under the presidency of Boris Yeltsin. All local, state, and federal government agencies in Russia use the SORM system to facilitate court-authorized telecommunications surveillance.
According to Microsoft, targeted Internet users receive an error message prompting them to update their browser’s cryptographic certificate. Consent by the user results in the targeted computer downloading and installing a malware. Termed ApolloShadow by Microsoft, the malware is disguised as a security update from Kaspersky, Russia’s most widely known antivirus software provider. Once installed the malware gives the hackers access to the content of the targeted user’s secure communications.
The Microsoft report states that, although Turla has been involved in prior attacks against diplomatic targets in Russia and abroad, this is the first time that the hacker group has been confirmed to have the capability to attack its targets at the Internet Service Provider (ISP) level. In doing so, Turla has been able to incorporate Russia’s domestic telecommunications infrastructure into its attack tool-kit, the report states. The report does not name the diplomatic facilities or the countries whose diplomats have been targeted by Turla hackers. But it warns that all “diplomatic personnel using local [internet service providers] or telecommunications services in Russia are highly likely targets” of the group.
► Author: Joseph Fitsanakis | Date: 02 August 2025 | Permalink
HACKERS HAVE COMPROMISED A website used by the United States Intelligence Community (IC) to solicit sensitive contracts from the private sector,
MEMBERS OF A PROLIFIC hacker group that many associate with Russian intelligence impersonated Microsoft technicians in order to compromise nearly 40 government agencies and companies around the world. Microsoft security researchers
AN ESPIONAGE TOOL DESCRIBED by Western officials as the most advanced in the Russian cyber-arsenal has been neutralized after a 20-year operation by intelligence agencies in the United States, Australia, Canada, the United Kingdom and New Zealand. The operation targeted
A NOTORIOUS NORTH KOREAN hacker group is believed to be behind a “sophisticated” effort to elicit the views of international experts on issues that are of concern to Pyongyang, according to an investigation by Reuters. The news agency
A NEWLY DISCOVERED CYBER-espionage group appears to target the senior leadership of private corporations involved in large-scale financial transactions, but employs skills and methods that are usually associated with state-sponsored threat actors. The group has been termed “UNC3524” by the American cybersecurity firm Mandiant, which says it discovered it in December of 2019. In a detailed
RUSSIAN STATE COMPANIES, BUSINESSES and individuals are being targeted in an unprecedented wave of attacks by digital assailants, according to observers, who say they are surprised by its ferocity. Since February of this year, hackers have accessed the personal financial data of pro-Kremlin oligarchs, stolen millions of internal emails stored on Russian government severs, and defaced high-profile websites across the nation. The Washington Post, which
ON MARCH 3, 2022, Dutch newspaper Volkskrant
THE NORTH KOREAN MISSILE program has developed rapidly in the past year, partly due to an influx of stolen cryptocurrency, which has now become “an important revenue source” for Pyongyang, according to a United Nations report. The confidential report was produced for the United Nations’ Security Council, by a committee tasked with monitoring the impact of the supranational body’s sanctions on the North Korean economy.
A HACKER WHO TARGETED a major Dutch-based reservations website has ties to intelligence agencies in the United States, according to a new report. The claim was made on Wednesday by three Dutch investigative journalists, Merry Rengers, Stijn Bronzwaer and Joris Kooiman. In a lengthy 








Russian spies hacked security cameras to monitor weapons shipments to Ukraine
July 14, 2026 by Joseph Fitsanakis Leave a comment
The revelation is contained in a joint communique issued by the two primary intelligence agencies of the Netherlands—the Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD). It states that Russian hackers targeted security camera systems—most of them belonging to private businesses—located along transportation routes that are frequented by NATO military convoys heading to Ukraine.
Access to the camera feeds enabled Russian intelligence to identify the precise routes used by NATO military convoys and to monitor the types of equipment being transported to Ukraine. Ground-level security cameras also offered an important intelligence advantage over satellite and drone imagery by providing close-range views of vehicles and cargo, revealing operational details that overhead collection platforms often fail to capture.
The communiqué does not specify the exact number of compromised security cameras, noting only that it was “small”. Nor does it identify the specific transportation routes covered by the affected cameras. It does, however, confirm that the compromised systems were positioned along military logistics routes used to support NATO assistance to Ukraine. It further notes that the cameras were compromised as part of a “large-scale Russian operation” that aims to monitor, and if possible stop, NATO military assistance to Ukraine.
► Author: Joseph Fitsanakis | Date: 14 Jul 2026 | Permalink
Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 2022 Russian invasion of Ukraine, AIVD (Netherlands), CCTV, computer hacking, MIVD (Netherlands), NATO, Netherlands, News, Russia, security camera, Ukraine