The group is using an “adversary-in-the-middle” technique to deploy its custom “ApolloShadow” malware for intelligence collection. This campaign, active since at least 2024, poses a high risk to diplomatic entities and sensitive organizations in Moscow, particularly those relying on local internet providers.
