
Blizzard APT Expands AitM Campaign Targeting Embassies via ISPs
Blizzard APT, a sophisticated cyber threat group allegedly backed by Moscow, has expanded its ongoing Adversary-in-the-Middle (AitM) campaign. The group is abusing lawful interception systems at compromised Internet Service Providers (ISPs) to deploy a custom backdoor known as ApolloShadow against embassies. The repurposing of lawful interception systems is particularly noteworthy: infrastructure built for court-authorized monitoring is being turned into a delivery channel for malware.

By intercepting traffic between embassies and their ISPs, Blizzard APT delivers ApolloShadow, which gives the group persistent access, data exfiltration, and lateral movement within the targeted networks. Because the interception happens upstream at the provider, the activity is difficult to distinguish from legitimate traffic handling, which complicates detection and raises concerns about the integrity of both lawful interception systems and the ISPs that operate them.

Cybersecurity professionals should prioritize robust network monitoring, multi-factor authentication (MFA), end-to-end encryption of sensitive traffic, and regular traffic audits. Recommended mitigations include network traffic analysis tools to detect unusual patterns, strict access controls, and network segmentation. The campaign underscores the need for vigilant and proactive defense against advanced, state-sponsored threats.