Man-in-the-Middle Attack | Breaking Cybersecurity News | The Hacker News

In early 2025, Russian state-backed threat group Secret Blizzard targeted foreign embassies with a man-in-the-middle (MITM) attack that bypassed MFA. Instead of sending phishing emails or dropping malware, they compromised the root of trust on embassy systems — the mechanism that determines which connections and certificates are trusted. By controlling local internet infrastructure inside Russia, Secret Blizzard: Used that certificate to impersonate legitimate websites without triggering browser warnings. Intercepted "secure" traffic to harvest session tokens, cookies, and credentials — without detection. High-signal takeaway: A root-of-trust compromise undermines all Transport Layer Security (TLS)-based protections, including FIDO-based MFA. Why Traditional MFA and FIDO Fail Against This Attack Seemingly secure MFA assumes secure TLS connections. When TLS is compromised via a rogue root certificate, the browser happily connects to an attacker-controlled endpoint. This break...