Russian hacker group using Internet service providers to spy on foreign embassies

A HACKER GROUP LINKED to Russia’s Federal Security Service (FSB) has compromised Russia’s domestic internet infrastructure and is using it to target foreign diplomats stationed in Russia. According to a report, published last week by Microsoft Threat Intelligence, the hacker group behind this operation is Turla, also known as Snake, Venomous Bear, Group 88, Waterbug, and Secret Blizzard. Analysts have linked the group with “some of the most innovative hacking feats in the history of cyberespionage”.

Turla began its attempt to compromise a host of Russian internet service providers in February, according to Microsoft’s report. The group’s apparent goal has been to gain access to the software that enables Russian security agencies to legally intercept internet traffic, following the issuance of warrants by judges. This software is governed by Russia’s System for Operative Investigative Activities (SORM), which became law in 1995, under the presidency of Boris Yeltsin. All local, state, and federal government agencies in Russia use the SORM system to facilitate court-authorized telecommunications surveillance.

According to Microsoft, targeted Internet users receive an error message prompting them to update their browser’s cryptographic certificate. Consent by the user results in the targeted computer downloading and installing malware. Termed ApolloShadow by Microsoft, the malware is disguised as a security update from Kaspersky, Russia’s most widely known antivirus software provider. Once installed, the malware gives the hackers access to the content of the targeted user’s secure communications.

The Microsoft report states that, although Turla has been involved in prior attacks against diplomatic targets in Russia and abroad, this is the first time that the hacker group has been confirmed to have the capability to attack its targets at the Internet Service Provider (ISP) level. In doing so, Turla has been able to incorporate Russia’s domestic telecommunications infrastructure into its attack tool-kit, the report states. The report does not name the diplomatic facilities or the countries whose diplomats have been targeted by Turla hackers. But it warns that all “diplomatic personnel using local [internet service providers] or telecommunications services in Russia are highly likely targets” of the group.

Author: Joseph Fitsanakis | Date: 02 August 2025 | Permalink

Ukrainian drone strikes may have targeted Moscow homes of Russian spies

A SERIES OF COORDINATED drone strikes that struck Moscow last week were not random, but may in fact have targeted the homes of senior Russian intelligence officials, according to a new report by an American television network, which cited knowledgeable sources and data by an open-source research firm.

In the early morning hours of May 30, a fleet of at least six unmanned aerial vehicles (UAVs) struck what appeared to be residential apartment blocks in Moscow’s southeastern suburbs. The targets were all located in Moscow’s Rublyovka area, which contains some of the wealthiest neighborhoods in the Russian capital. Many expressed surprise at the airborne assault, as it was the first known attack against residential targets in Moscow since the latest phase of the Russian invasion of Ukraine, which began in February 2022.

Upon initial inspection, the targets of the early-morning attack appeared to have been chosen at random. Yesterday, however, the American television network NBC claimed that the targets of the attack had been carefully selected as “a part of Ukraine’s strategy of psychological warfare against Russia”. Citing “multiple sources familiar with the strikes”, including a senior United States official and a congressional staffer, NBC said that the targets of the attacks were all residences of Russian government personnel.

The television network also cited data by Strider Technologies, an open-source strategic intelligence company located in the American state of Utah, according to which at least one of the buildings that were struck by the UAVs housed a Russian state-controlled military contractor. According to Strider Technologies, the contractor provides services to a military unit that is known to be a front for Russia’s Foreign Intelligence Service (SVR). NBC further claimed that other targets in the alleged Ukrainian operation were the residences of senior Russian intelligence personnel.

Author: Joseph Fitsanakis | Date: 08 June 2023 | Permalink

Fire at top-secret Moscow facility highlights rapid growth of Russian spy headquarters

A massive fire that broke out at a top-secret spy facility in Moscow on Wednesday brought to the foreground prior reports about the unprecedented growth of the headquarters of Russia’s foreign spy service. The fire was reported at a government compound in Yasenevo, a leafy district on the southern outskirts of the Russian capital. The compound serves as the headquarters of the Russian Foreign Intelligence Service, known by its initials, SVR. The SVR is one of the successor agencies to the Soviet-era KGB. During Soviet times, the present-day SVR was known as the First Chief Directorate or First Main Directorate of the KGB. Despite its name change, however, its mission remains the same, namely to collect secrets from targets outside the Russian Federation —often through the use of espionage— and to disseminate intelligence to the president.

The fire, which local news agencies described as “huge”, was reported early in the afternoon of Wednesday. Television images showed smoke coming out of one of the multistory towers that make up the SVR building complex. According to SVR spokesman Sergey Ivanov, the fire started in what he called “a technical installation” that houses “a cable gallery” and is located beneath the multistory building. The 21-story tower block is adjacent to a large Y-shaped building and is visible for several miles around. It became operational in the early 1970s, when the KGB’s First Chief Directorate began a decade-long process of moving to the new, state-of-the-art complex in the southern suburbs of the Russian capital. Today the complex houses the entire apparatus of the SVR, including its espionage wing, and is informally known as les (the forest) or kontora (the office). Approximately 15 fire crews arrived at the scene soon afterwards, and were able to coordinate their movements despite the fact that mobile communications are blocked at the site of the compound.

The SVR spokesman added that the fire is believed to have begun at a section of the facility that is undergoing extensive maintenance work. Three members of the crew that were initially missing during the early stage of the fire were later rescued, said Ivanov, and the fire was eventually extinguished without causing fatalities or injuries. But the incident highlighted the reportedly unprecedented growth of the SVR complex that observers have noted in recent years. As intelNews reported in 2016, satellite images show that the top-secret facility has doubled —and possibly tripled— in size in the past decade. The most recent images were compiled by Allen Thomson, an analyst who worked for the United States Central Intelligence Agency in the 1970s and 1980s. They were published by Steven Aftergood, who edits the Federation of American Scientists’ Secrecy News blog. The images clearly show that at least three more large buildings have been erected alongside the landmark skyscraper and the adjoining Y-shaped office block. These additions, said Aftergood in 2016, appear to have increased the SVR headquarters’ floor space “by a factor of two or more”. Moreover, the nearby parking capacity at the complex “appears to have quadrupled”, he added. Observers often describe the compound as a constant construction site, with new buildings and facilities being built at an unprecedented speed.

On Wednesday evening, SVR officials told the Moscow-based TASS news agency that the agency would investigate the cause of the fire. It was “too early to give any comments” about it, they said, but the SVR had already initiated an official probe into the incident.

Author: Joseph Fitsanakis | Date: 09 November 2017 | Permalink

Russian foreign intelligence headquarters has doubled in size since 2007

Recent satellite images reveal that the headquarters of the Russian Federation’s external intelligence agency has doubled, and possibly tripled, in size in the past nine years. The Russian Foreign Intelligence Service, known as SVR, is one of the successor agencies of the Soviet-era KGB. During the Soviet times, the present-day SVR was known as the First Chief Directorate or First Main Directorate of the KGB. Despite its name change, however, its mission remains the same, namely to collect secrets from targets outside the Russian Federation —often through the use of espionage— and to disseminate intelligence to the president. In the Soviet days, along with most of the KGB, the First Chief Directorate was headquartered in the imposing Lubyanka building, which is located in Moscow’s Meshchansky District. But in the early 1970s, the entire First Chief Directorate began a decade-long process of moving to a new, state-of-the-art complex in the southern suburbs of the Russian capital. The complex, which is located in Yasenevo, today houses the entire apparatus of the SVR, including its espionage wing, and is informally known as les (the forest) or kontora (the office).

Until 2007, the SVR’s Yasenevo headquarters consisted of a large Y-shaped office building that adjoins an imposing 21-story skyscraper, which is visible for several miles around. But an open-source collection of recent satellite images shows that the top-secret complex has doubled —and possibly tripled— in size in the past decade. Steven Aftergood, who edits the Federation of American Scientists’ Secrecy News blog, has published a collection of images that was compiled by Allen Thomson, an analyst who worked for the United States Central Intelligence Agency from 1972 to 1985. The images clearly show that at least three more large buildings have been erected alongside the landmark skyscraper and the adjoining Y-shaped office block. These additions, says Aftergood, appear to have increased the SVR headquarters’ floor space “by a factor of two or more”. Moreover, the nearby parking capacity at the complex “appears to have quadrupled”, he adds.

There is no information available about what may have prompted the sudden building expansion at the SVR complex, nor whether it reflects drastic changes in the organizational structure, budget or mission of the agency. Secrecy News quotes Russian intelligence observer Andrei Soldatov, who suggests that there may be a direct connection between the expansion of the SVR facility and the appointment of Mikhail Fradkov as the agency’s director, in 2007. Fradkov is a Soviet-era diplomat, who some suspect was secretly an officer of the KGB. He served as Russia’s prime minister from 2004 to 2007, when he was appointed director of the SVR —a position that he retains to this day. There have been suggestions in the Russian media that Fradkov could succeed Vladimir Putin when the latter retires from his post as president of the Russian Federation.

Author: Joseph Fitsanakis | Date: 14 July 2016 | Permalink

News you may have missed #669

By IAN ALLEN | intelNews.org |
►►UK admits using fake rock to spy on Russians. Britain has admitted for the first time that it was caught spying when Russia exposed its use of a fake rock in Moscow to conceal electronic equipment. Russia made the allegations in January 2006, but Britain has not publicly accepted the claims until now. Jonathan Powell, then Prime Minister Tony Blair’s chief of staff, told a BBC documentary it was “embarrassing”, but “they had us bang to rights”. He added: “clearly they had known about it for some time”.
►►New book examines forgotten CIA officer Jim Thompson. The CIA’s longtime man in Southeast Asia, Jim Thompson, fought to stop the agency’s progression from a small spy ring to a large paramilitary agency. Now a new book, The Ideal Man: The Tragedy of Jim Thompson and the American Way of War, by Joshua Kurlantzick, examines the life and exploits of the man known as “Silk King” Jim.
►►Sweden to probe fate of WWII hero Wallenberg. Raoul Wallenberg (pictured) was a shrewd businessman who, in the summer of 1944, was posted as Sweden’s ambassador in Budapest, Hungary. He was also an American intelligence asset, having been recruited by a US spy operating out of the War Refugee Board, an American government outfit with offices throughout Eastern Europe. He was abducted by Soviet intelligence officers in the closing stages of World War II, and his fate is one of the unsolved mysteries of 20th century espionage. Now Sweden says it will open a new probe into his disappearance.

Expelled Israeli spy was after Russian-Arab arms deals, says FSB

By IAN ALLEN | intelNews.org |
The military attaché at the Israeli embassy in Moscow, who was unceremoniously expelled by the Russian government last week, was allegedly gathering intelligence on Russian arms exports to the Arab world. The FSB, Russia’s foremost counterintelligence agency, said Soviet-born Vadim Leiderman, a colonel in the Israeli army, was “caught red-handed” during a sting operation in Moscow, which is said to have occurred on May 12. His arrest led to the first expulsion of an Israeli diplomat from Russia in over two decades. Commenting on the case, a spokesperson from Russia’s Ministry of Foreign Affairs said that the Kremlin had intended to conceal Leiderman’s expulsion from the media, as a “gesture of goodwill” to Israel. But its effort to keep the operation secret collapsed after Russia’s RBC TV aired a surveillance video of Leiderman’s arrest by a group of FSB officers, as the seemingly unsuspecting Israeli diplomat was dining with another man at an exclusive Moscow restaurant.