Russian hacker group using Internet service providers to spy on foreign embassies

August 2, 2025 by 3 Comments

Hacking cyber - JFA HACKER GROUP LINKED to Russia’s Federal Security Service (FSB) has compromised Russia’s domestic internet infrastructure and is using it to target foreign diplomats stationed in Russia. According to a report, published last week by Microsoft Threat Intelligence, the hacker group behind this operation is Turla, also known as Snake, Venomous Bear, Group 88, Waterbug, and Secret Blizzard. Analysts have linked the group with “some of the most innovative hacking feats in the history of cyberespionage”.

Turla began its attempt to compromise a host of Russian internet service providers in February, according to Microsoft’s report. The group’s apparent goal has been to gain access to the software that enables Russian security agencies to legally intercept internet traffic, following the issuance of warrants by judges. This software is governed by Russia’s System for Operative Investigative Activities (SORM), which became law in 1995, under the presidency of Boris Yeltsin. All local, state, and federal government agencies in Russia use the SORM system to facilitate court-authorized telecommunications surveillance.

According to Microsoft, targeted Internet users receive an error message prompting them to update their browser’s cryptographic certificate. Consent by the user results in the targeted computer downloading and installing a malware. Termed ApolloShadow by Microsoft, the malware is disguised as a security update from Kaspersky, Russia’s most widely known antivirus software provider. Once installed the malware gives the hackers access to the content of the targeted user’s secure communications.

The Microsoft report states that, although Turla has been involved in prior attacks against diplomatic targets in Russia and abroad, this is the first time that the hacker group has been confirmed to have the capability to attack its targets at the Internet Service Provider (ISP) level. In doing so, Turla has been able to incorporate Russia’s domestic telecommunications infrastructure into its attack tool-kit, the report states. The report does not name the diplomatic facilities or the countries whose diplomats have been targeted by Turla hackers. But it warns that all “diplomatic personnel using local [internet service providers] or telecommunications services in Russia are highly likely targets” of the group.

Author: Joseph Fitsanakis | Date: 02 August 2025 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , , , , , ,

Switzerland claims embassy worker was abducted by Sri Lankan security officers

December 4, 2019 by Leave a comment

Swiss embassy Sri LankaSwitzerland has filed a formal complaint after an employee of the Swiss embassy in Sri Lanka was allegedly abducted by men who forced her to divulge sensitive information about the embassy and its activities. The Swiss Ministry of Foreign Affairs said on Tuesday that the embassy employee was kidnapped by four men while walking in the Sri Lankan capital Colombo, on November 25. The men took her to what appeared to be a safe house and interrogated her for several hours.

The men eventually forced the Swiss embassy employee, who is a Sri Lankan national, to unlock her personal cell phone. According to Swiss government officials, they appeared to be looking for information about a senior Sri Lankan police detective who recently fled to Switzerland with his family and was granted political asylum. Some Sri Lankan media identified the man as Nishantha Silva, a police detective who until recently headed the Sri Lankan Criminal Intelligence Division’s Organized Crime Investigation Unit.

Silva is one of hundreds of members of Sri Lanka’s public sector who have fled abroad following the election of President Gotabaya Rajapaksa last month. The Rajapaksa family is one of the most powerful in the country, and has a long history of influencing Sri Lankan politics. Hours after assuming power, the ultra-nationalist Rajapaksa pledged to “hunt down” the leadership of the police and security services who investigated his family after 2015, when the Rajapaksas were ousted from the government. Hundreds of police and security officers have since been arrested or summarily fired.

On Tuesday, a Swiss Foreign Ministry spokesman told The New York Times that the Swiss government had verified the details of the abduction of its embassy worker. The spokesman added that the employee was forced to disclose “embassy-related information” after she was “threatened at length” by the men. The latter released her after warning her that she would be killed if she spoke to anyone about her ordeal.

On Monday, a spokesman for President Rajapaksa told reporters in Colombo that the Sri Lankan government questioned the accuracy of the Swiss embassy worker’s account of her abduction. Later, however, the Sri Lankan government announced that it had launched an investigation into the allegations. It now appears that the Sri Lankan government is preventing the embassy worker from leaving the country while the investigation into her claims is underway.

Author: Joseph Fitsanakis | Date: 04 December 2019 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Taiwan president’s security detail implicated in cigarette smuggling scandal

August 5, 2019 by Leave a comment

Taiwan cigarette smugglingAt least 70 members of Taiwan’s presidential security detail used the president’s official trips abroad to smuggle thousands of cigarettes into the country, it has been announced by Taiwan’s’s spy chief. According to news reports from Taiwan, the smuggling scandal was uncovered last month, when the country’s President, Tsai Ing-wen, concluded an official tour of several Caribbean nations. Taiwanese customs officers stopped a security agent in President Tsai’s entourage, who allegedly tried to bring nearly 10,000 cartons of duty-free cigarettes into the country. The agent had ordered the cigarettes online prior to the presidential trip. He then concealed the cartons in an airport warehouse and planned to bring them into the country by disguising them as supplies used by President Tsai’s motorcade.

The customs officials contacted China Airlines, the national carrier of Taiwan, and requested information on the number of duty-free cigarette cartons that had been brought onboard by members of the president’s entourage during her foreign trips. The data revealed that thousands of cartons had been transported during presidential trips, which pointed to an organized smuggling operation by dozens of members of Tsai’s entourage. A subsequent investigation by the National Security Bureau (NSB), Taiwan’s spy service, revealed that the smuggling network had begun operating during the presidency of Ma Ying-jeou, Tsai’s predecessor. The scandal prompted the resignation of the director of the NSB. On Friday, the NSB’s new Director, Chiu Kuo-cheng, gave a rare press conference in which he provided further details on the case. According to Chiu, 49 members of the presidential security detail, 25 NSB officers and two members of Taiwan’s Military Police, participated in the smuggling network. Most smuggled between 10 and 50 cartons of cigarettes per trip; but some smuggled over 1,000 cartons per trip.

Chiu said on Friday that two NSB officers had been placed under arrest for their participation in the smuggling ring, and further arrests were being planned. He warned those responsible that he had personally taken command of the NSB’s investigation, and that punishment would be “severe” for those found to have participated in the smuggling. Chiu added that a number of China Airlines officials were also implicated in the smuggling network and were being questioned. On Saturday, President Tsai said she had no knowledge that members of her own security detail were smuggling duty-free cigarettes into Taiwan.

Author: Joseph Fitsanakis | Date: 05 August 2019 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , ,

US diplomats in Russia to be guarded by firm with ties to senior ex-KGB official

November 16, 2017 by 3 Comments

US embassy in RussiaSeveral American diplomatic facilities in Russia, including the United States embassy in Moscow, as well as consulates in other major Russian cities, will be guarded by a firm with ties to a former senior KGB official. The New York Times reported on Tuesday that the company, Elite Security Holdings, is headquartered in Moscow but has offices throughout Europe and the former Soviet republics. The firm has its roots in an earlier venture co-founded by former KGB official Viktor G. Budanov. The 82-year-old Budanov served as director of the KGB’s K Directorate, also known as Second Chief Directorate, which was responsible for counterintelligence. Budanov no longer owns any part of Elite Security Holdings. But his son, Dimitri Budanov, is believed to be in charge of the firm’s headquarters in the Russian capital. The family is known to be politically close to Vladimir Putin, who served together in the KGB with Viktor Budanov in East Germany in the 1980s.

Elite Security Holdings was awarded a no-bid contract by the US Department of State’s Office of Acquisitions —meaning that no other company was solicited by the US government for the contract. The agreement was struck once US diplomatic facilities in Russia were forced by Moscow to cut their staff by 755 employees. That resulted in the firing of many staff members, most of them local Russians, whose job was to guard the perimeters of US diplomatic facilities, screen visitors, and patrol the embassy grounds. To make up for the loss of personnel, the Department of State hired Elite Security Holdings, which is authorized to operate in Russia as a private local company; its staff members are therefore not considered to be employees of Washington. But the private firm retains close links to Budanov, who spent 25 years outthinking the CIA as head of the KGB’s counterintelligence directorate.

The Times spoke to an anonymous US State Department official, who said that Elite Security Holdings personnel would not have access to the embassy’s secure areas. The official also told the paper that all Elite Security Holdings employees had been carefully screened by “relevant national and local agencies” and posed no threat to the security of US diplomatic facilities. The latter would still be primarily protected by US Marines, who are detailed to the Department of State’s Diplomatic Security Service. According to The Times, Elite Security Holdings personnel will work at the US embassy in Moscow, and the consulates in Vladivostok, Yekaterinburg and St. Petersburg.

Author: Ian Allen | Date: 16 November 2017 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , , ,