SYMBOL: win.apollo_shadow
COMMON_NAME: ApolloShadow

Actor(s): Turla


According to Microsoft, ApolloShadow has the capability to install a trusted root certificate to trick devices into trusting malicious actor-controlled sites, enabling Secret Blizzard to maintain persistence on diplomatic devices, likely for intelligence collection. It has been used in a campaign where Secret Blizzard has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position.

References
2025-07-31, Microsoft, Microsoft Threat Intelligence
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
ApolloShadow

There is no Yara-Signature yet.