Russian hackers, APT Secret Blizzard, have been using AitM attacks since 2024 to deploy ApolloShadow malware on diplomatic devices in Moscow. Leveraging Russia's surveillance systems, they escalate privileges to conduct espionage. Microsoft advises using encrypted tunnels or VPNs for protection.

‍