In February 2025, Microsoft observed attempted cyber intrusions targeting unnamed foreign embassies in Moscow, attributing the activity to “Secret Blizzard,” also known as “Turla,” a long-active espionage group linked to Russian intelligence.
Microsoft has alleged that a prominent cyber-espionage unit affiliated with Russia’s Federal Security Service (FSB) is conducting targeted cyberattacks against foreign embassies and diplomatic organizations in Moscow, exploiting local internet service providers (ISPs) to deliver malware.
In a blog post published on July 31, Microsoft Threat Intelligence revealed that this cyber campaign—active since at least 2024—has been systematically compromising sensitive diplomatic entities through compromised network infrastructure. The findings represent the first public confirmation that Russian intelligence is leveraging ISP-level access to carry out cyber-espionage operations within its borders.
“This approach significantly heightens the risk for embassies and diplomatic personnel who depend on Russian ISPs for their communications,” Microsoft stated. According to the report, the attackers use custom-built backdoors to gain initial access, enabling them to install additional malware and extract confidential data from compromised systems.
Microsoft noted that an incident in February 2025 involved attempted intrusions into unspecified foreign embassies in Moscow, although it declined to name the countries affected. The tech giant attributed the activity to a group it tracks as “Secret Blizzard,” which is widely recognized by cybersecurity experts as “Turla”—a unit with a nearly two-decade history of targeting governments, journalists, and NGOs.
Cyber threats amid rising tensions
The revelations come amid heightened geopolitical tensions, as the United States continues to urge Russia to halt its military campaign in Ukraine and NATO allies ramp up defense investments in response to perceived Russian threats.
Neither the U.S. Department of State nor Russian officials have publicly commented on the report. While the Kremlin has consistently denied involvement in cyber-espionage, no immediate response was issued regarding Microsoft’s latest findings.
The incident underscores growing concerns about the use of national telecommunications infrastructure as a vector for state-sponsored surveillance and cyber-intrusions, particularly in geopolitically sensitive regions. Microsoft has urged at-risk organizations operating in Russia to reassess their cybersecurity practices and limit reliance on local ISPs where feasible.




