Evening Edition: Ukraine's Drone Attack A Serious Blow To Russia's Arsenal

Fox News 03-06-2025
Ukraine launched an audacious drone attack thousands of miles into Russia, stunning the world and showing the strategic importance of drone warfare. As many as 41 Russian bombers across the country were damaged, and analysts say it could be a serious setback for Moscow's war on Ukraine. Many of those bombers were used by the Kremlin to launch attacks on civilian populations in Ukraine.
FOX's John Saucier speaks with Dr. Rebecca Grant, Vice President of the Lexington Institute and national security analyst, who says the unprecedented attack has really hampered Russia's strategic bombing force.

Related Articles

Russian Hackers Pose as Cyber Firm to Spy on Foreign Embassies

Bloomberg

A notorious Russian hacking group is impersonating a prominent cybersecurity firm and using the country's internet providers to spy on foreign embassies, according to a report published Thursday by Microsoft Corp. The attackers, a group known as Turla or Secret Blizzard, engaged in a 'large scale' cyber-espionage campaign in which they used Russian internet service providers, or ISPs, to conduct their hacks, according to Microsoft. Turla hackers also disguised their malware to impersonate cybersecurity software from the Russian cybersecurity company Kaspersky. Kaspersky didn't immediately respond to a request for comment.

The Kremlin's Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

WIRED

Jul 31, 2025 12:00 PM
The FSB cyberespionage group known as Turla seems to have used its control of Russia's network infrastructure to meddle with web traffic and trick diplomats into infecting their computers.
The Russian state hacker group known as Turla has carried out some of the most innovative hacking feats in the history of cyberespionage, hiding their malware's communications in satellite connections or hijacking other hackers' operations to cloak their own data extraction. When they're operating on their home turf, however, it turns out they've tried an equally remarkable, if more straightforward, approach: They appear to have used their control of Russia's internet service providers to directly plant spyware on the computers of their targets in Moscow.
Microsoft's security research team focused on hacking threats today published a report detailing an insidious new spy technique used by Turla, which is believed to be part of the Kremlin's FSB intelligence agency. The group, which is also known as Snake, Venomous Bear, or Microsoft's own name, Secret Blizzard, appears to have used its state-sanctioned access to Russian ISPs to meddle with internet traffic and trick victims working in foreign embassies operating in Moscow into installing the group's malicious software on their PCs. That spyware then disabled encryption on those targets' machines so that data they transmitted across the internet remained unencrypted, leaving their communications and credentials like usernames and passwords entirely vulnerable to surveillance by those same ISPs—and any state surveillance agency with which they cooperate.
Sherrod DeGrippo, Microsoft's director of threat intelligence strategy, says the technique represents a rare blend of targeted hacking for espionage and governments' older, more passive approach to mass surveillance, in which spy agencies collect and sift through the data of ISPs and telecoms to surveil targets. 'This blurs the boundary between passive surveillance and actual intrusion,' DeGrippo says.
For this particular group of FSB hackers, DeGrippo adds, it also suggests a powerful new weapon in their arsenal for targeting anyone within Russia's borders. 'It potentially shows how they think of Russia-based telecom infrastructure as part of their toolkit,' she says.
According to Microsoft's researchers, Turla's technique exploits a certain web request browsers make when they encounter a 'captive portal,' the windows that are most commonly used to gate-keep internet access in settings like airports, airplanes, or cafes, but also inside some companies and government agencies. In Windows, those captive portals reach out to a certain Microsoft website to check that the user's computer is in fact online. (It's not clear whether the captive portals used to hack Turla's victims were in fact legitimate ones routinely used by the target embassies or ones that Turla somehow imposed on users as part of its hacking technique.)
By taking advantage of its control of the ISPs that connect certain foreign embassy staffers to the internet, Turla was able to redirect targets so that they saw an error message that prompted them to download an update to their browser's cryptographic certificates before they could access the web. When an unsuspecting user agreed, they instead installed a piece of malware that Microsoft calls ApolloShadow, which is disguised—somewhat inexplicably—as a Kaspersky security update.
That ApolloShadow malware would then essentially disable the browser's encryption, silently stripping away cryptographic protections for all web data the computer transmits and receives. That relatively simple certificate tampering was likely intended to be harder to detect than a full-featured piece of spyware, DeGrippo says, while achieving the same result.
'It's a creative approach: "What if we just got on the ISP they're connecting through and use that control to turn off encryption?"' she says, describing what she believes to be Turla's thinking. 'This path gives them a massive amount of plaintext traffic that can likely be used for espionage purposes, because it's coming from highly sensitive individuals and organizations like embassies and diplomatic missions.'
The details of how Turla's ISP-based redirection technique works remain far from clear. But Microsoft writes in its report that it likely uses the Kremlin's SORM system for ISP- and telecom-based communications interception and surveillance, a decades-old system initially created by the FSB and now widely used in Russian domestic intelligence and law enforcement.
Microsoft declined to comment on which countries' embassies in Moscow were targeted in the campaign or how many there were, though DeGrippo notes that Microsoft warned the victims it identified. Turla's use of Kaspersky software as a cover for its malware installation technique suggests that the US embassy may not have been a target, given that Kaspersky software is banned on US government systems. Microsoft declined to comment on whether the US embassy was targeted.
Microsoft didn't say how it had linked the hacking campaign to Turla specifically—a typical tight-lipped approach from the company's security team, which often declines to divulge its sources and methods to avoid helping hackers evade detection. 'This is a threat actor that we have watched closely for a very long time,' DeGrippo says.
Turla has a decades-old reputation for innovating hacking methods, from USB-based worms designed to penetrate air-gapped systems to piggybacking on cybercriminals' botnets—and ApolloShadow likely isn't the first time the group has hijacked ISPs to plant malware. Slovakian cybersecurity firm ESET has pointed to what may have been a similar technique used to infect victims with fake Flash installers. The same company has also documented what it believed was likely a similar trick used by the Belarusian KGB's hackers, and how the commercial spyware FinFisher was likely installed on targets' devices using that same ISP-level access. But Turla's latest campaign would represent the first time that ISP-based infection has been used to disable encryption on target computers, a potentially stealthier form of espionage.
Microsoft's DeGrippo notes that Turla's technique is effective in part because it doesn't take advantage of any particular software vulnerability, so it can't be patched. 'It doesn't leverage any zero-day or other vulnerability,' DeGrippo says. 'It's about getting onto the network infrastructure your target is using and controlling things from there.'
That said, there are defenses Microsoft recommends for potential victims of Turla's style of ISP-based espionage technique: Use a VPN, for instance, to shield your internet traffic from your internet service provider, or even a satellite connection to bypass an untrusted ISP altogether. Multifactor authentication, too, can limit hackers' access even when they've successfully stolen a victim's username and password.
DeGrippo argues that Turla's use of the technique for domestic spying inside Russia should serve as a warning to anyone traveling, living, or working in a country that has untrusted communications infrastructure. Similar ISP-level hacking, she notes, could easily be adopted by other cyberespionage groups around the world and used anywhere national internet and telecom infrastructure are potentially bent to the will of that country's intelligence agencies. 'If you're a target of interest traveling or working in countries that have these state-aligned ISPs that perhaps have surveillance powers or lawful intercept capabilities,' DeGrippo says, 'you need to concern yourself with this.'

Ukraine's Anti-Graft Forces Still Feel Pressure From Zelenskiy

Bloomberg

Ukraine's anti-corruption officials fear that pressure will remain from President Volodymyr Zelenskiy's administration even after he backed down over a measure to strip anti-graft agencies of their independence. Anxiety is lingering that Kyiv may still undermine the work of the country's two main anti-corruption agencies, through pressure on investigators or removing their directors, according to people familiar with the matter. Those concerns are shared in the capitals of Kyiv's allies, according to a European official.
