Russia’s FSB targeting foreign embassies in Moscow with malware, says Microsoft

Microsoft has revealed that Russia’s Federal Security Service (FSB) is using local internet providers to launch malware attacks on foreign embassies in Moscow, in a targeted cyber espionage campaign.

The tech company said on Thursday that its threat intelligence unit has confirmed the campaign is being carried out within Russian borders, marking the first public confirmation that Moscow is running cyber operations at the internet service provider (ISP) level.

“Microsoft is now certain that this activity is happening within Russian borders,” said Sherrod DeGrippo, Microsoft's director of Threat Intelligence Strategy, in comments to Reuters.

The attacks were reportedly carried out in February and involved the installation of custom backdoors on embassy systems. These backdoors allow further malware to be deployed and data to be stolen, Microsoft said. The company did not identify which embassies were targeted.

The campaign is linked to a long-standing Russian cyber unit Microsoft calls “Secret Blizzard”, also known in other cybersecurity circles as “Turla.” The U.S. government has previously identified the group as an FSB-controlled unit active in global espionage campaigns for nearly two decades.

In 2023, the FBI disrupted one of Turla’s operations that had reportedly targeted governments and journalists.

Microsoft’s disclosure comes at a sensitive moment in geopolitical tensions, with Washington calling on Moscow to support a ceasefire in Ukraine and NATO allies pledging greater defence spending to deter Russian threats.

The U.S. State Department has not commented on the findings. Russian officials have also not responded but have consistently denied involvement in cyber espionage.
