TL;DR: Secret Blizzard’s embassy-targeted man-in-the-middle operation shows how a compromised endpoint and a rogue certificate authority can defeat TLS-based trust, silently capture tokens and sessions, and undermine FIDO assumptions, according to Beyond Identity. The lesson is blunt: authentication controls are only as strong as the device and communication trust anchors behind them.
At a glance
What this is: This is an analysis of a Secret Blizzard man-in-the-middle campaign against embassies and the key finding that compromised device trust can subvert TLS-based authentication.
Why it matters: It matters because IAM and NHI teams must treat endpoint trust anchors, session protection, and device-bound credentials as part of identity governance, not separate concerns.
Context
A man-in-the-middle attack is not just about intercepting traffic in transit. In this case, the security gap begins when an attacker can alter the device trust chain itself, install a rogue certificate authority, and then make intercepted sessions look legitimate to the endpoint and the browser. That directly affects NHI governance because tokens, cookies, service credentials, and other secrets are only as safe as the device and network assumptions behind them.
The article uses Secret Blizzard as a practical example of why classic MFA and even phishing-resistant methods can still fail when the trust model underneath them is compromised. That is an atypical but highly relevant starting position for practitioners, because most enterprise IAM controls still assume the endpoint and TLS environment can be trusted at validation time.
Key questions
Q: How should security teams handle authentication when device trust may be compromised?
A: Security teams should treat device trust as part of identity assurance, not a separate control plane. If an endpoint can accept a rogue certificate or altered root store, then login success no longer proves a trustworthy session. The right response is to combine hardware-backed credentials, device posture checks, and continuous validation of the session itself.
Q: Why do phishing-resistant methods still fail against man-in-the-middle attacks?
A: Phishing-resistant methods reduce credential capture, but they still depend on a valid trust environment. If an attacker can tamper with the device’s certificate trust or intercept the channel before the browser validates the session, the authentication flow can appear legitimate. The weakness is in the surrounding trust model, not necessarily the factor itself.
Q: What is the difference between login security and session security?
A: Login security verifies that the right identity completed authentication. Session security verifies that the connection, device, and token use remain trustworthy after login. In hostile environments, the second problem is often more important because attackers can steal cookies, tokens, or authentication material after the user has already signed in.
Q: When should organisations move beyond MFA to device-bound authentication?
A: Organisations should move beyond MFA when users access high-value systems from unmanaged, remote, or adversarial networks, or when the threat model includes local trust-store tampering. MFA helps at the point of login, but device-bound authentication adds assurance that the credential itself is tied to known hardware and a monitored device state.
Technical breakdown
Rogue certificate authorities and trust-store compromise
A rogue certificate authority works because endpoints typically trust a local certificate store to decide whether a TLS connection is legitimate. If an attacker can modify that trust store, the browser and applications may accept malicious certificates without warning. The key failure is not cryptography itself, but where trust is anchored. Once the endpoint believes the attacker-controlled CA is valid, the attacker can intercept HTTPS sessions while preserving the appearance of normal encryption. This is especially dangerous for NHI workflows that rely on browser sessions, OAuth redirects, and token exchanges, because the secret moves through a channel the endpoint now falsely trusts.
Practical implication: inventory and protect trust-store integrity as part of identity security, not just endpoint hygiene.
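One concrete way to act on that implication is to baseline the endpoint's root store at enrollment and alert on any drift. The script below is an added example, not Beyond Identity's or NHIMG's code: it fingerprints every certificate in a PEM bundle, compares the live store with the enrolled baseline, and turns a newly appeared root into an identity-pipeline event. The certificate bodies are constructed placeholders (not real X.509), and the device id and action text are assumptions; the hashing logic is unchanged when you point it at a real `/etc/ssl/certs` bundle or a Windows root-store export.

```python
import base64
import hashlib
import re
from typing import Optional

# Matches each PEM-armoured certificate; re.S lets the body span lines.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def _fake_pem(body: bytes) -> str:
    """Wrap placeholder bytes in PEM armour. Constructed test data only:
    these are not real certificates, but SHA-256 over the DER bytes works
    identically on real ones."""
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed stores: what was recorded at enrollment, and what the agent sees now.
ENROLLED_BUNDLE = _fake_pem(b"constructed-root-A") + _fake_pem(b"constructed-root-B")
ROGUE_PEM = _fake_pem(b"constructed-attacker-ca")
CURRENT_BUNDLE = ENROLLED_BUNDLE + ROGUE_PEM


def fingerprints(pem_bundle: str) -> set:
    """SHA-256 fingerprint (hex) of every certificate in a PEM bundle."""
    found = set()
    for b64 in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(b64.split()))
        found.add(hashlib.sha256(der).hexdigest())
    return found


def trust_store_drift(baseline: set, current_bundle: str) -> dict:
    """Compare the live store against the fingerprints recorded at enrollment."""
    current = fingerprints(current_bundle)
    return {"added": sorted(current - baseline), "removed": sorted(baseline - current)}


def to_identity_event(device_id: str, drift: dict) -> Optional[dict]:
    """Turn drift into an event for the identity pipeline, or None if nothing changed.

    A new root is classed as an identity incident, not endpoint hygiene: the
    device can now be made to accept forged certificates for any site, so every
    session it holds is suspect.
    """
    if not drift["added"] and not drift["removed"]:
        return None
    return {
        "device": device_id,
        "severity": "identity-incident" if drift["added"] else "warning",
        "added_roots": drift["added"],
        "removed_roots": drift["removed"],
        # Assumed response playbook; adapt to your own runbooks.
        "recommended_action": "quarantine device; revoke sessions issued from it",
    }


if __name__ == "__main__":
    baseline = fingerprints(ENROLLED_BUNDLE)
    print(to_identity_event("emb-ws-07", trust_store_drift(baseline, CURRENT_BUNDLE)))
```

Run it periodically from an endpoint agent and ship the event to the same queue your IdP anomalies land in; the baseline should be taken from a golden image, never from the device after it has been in the field.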
Why FIDO and MFA can still fail in a tampered TLS environment
FIDO is designed to bind authentication to trusted web domains and reduce phishing, but it still depends on the browser and the TLS channel presenting a legitimate destination. If the session is terminated or impersonated through a compromised trust anchor, the user may still complete an apparently valid authentication flow. The attacker is not breaking FIDO directly. Instead, the attacker is corrupting the conditions under which FIDO decides the session is authentic. That distinction matters for NHI governance because authentication strength does not automatically equal session integrity, and many service and workforce identity controls stop at the login event.
Practical implication: evaluate authentication in terms of session integrity and endpoint trust, not just factor resistance.
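To see exactly what FIDO's binding does and does not observe, the added example below (not code from Beyond Identity, NHIMG, or any WebAuthn library) performs the origin and RP-ID checks a relying party runs on an assertion, with signature verification left out because it is not where the distinction lies. All values are constructed: the RP ID `login.example.test`, the challenge, and the look-alike domain are assumptions. A phished browser reports the wrong origin and is rejected; a browser whose trust store accepts a rogue CA reports the genuine origin, so the relying party sees nothing abnormal and the signal has to come from the device.

```python
import hashlib
import json

# Constructed values for the walkthrough (not captured from any real service).
RP_ID = "login.example.test"
EXPECTED_ORIGIN = "https://login.example.test"
CHALLENGE = "c29tZS1yYW5kb20tY2hhbGxlbmdl"  # base64url of constructed bytes


def make_authenticator_data(rp_id: str, counter: int = 7) -> bytes:
    """rpIdHash (32 bytes) + flags byte (UP|UV) + 4-byte signature counter,
    the layout WebAuthn authenticators emit."""
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([0x05])
            + counter.to_bytes(4, "big"))


def make_client_data(origin: str, challenge: str = CHALLENGE) -> bytes:
    """clientDataJSON as the browser builds it; the origin comes from the
    browser's own view of the page, which is what a rogue CA corrupts."""
    return json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()


def check_binding(client_data_json: bytes, authenticator_data: bytes,
                  expected_origin: str, expected_rp_id: str,
                  expected_challenge: str) -> tuple:
    """Relying-party checks on an assertion's context. Returns (ok, reason).

    Signature verification over authData || SHA-256(clientDataJSON) is omitted
    here; the point is what the origin/RP-ID binding can and cannot see.
    """
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (possible replay)"
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: browser reported {cd.get('origin')!r}"
    if authenticator_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:
        return False, "user presence not asserted"
    return True, "origin and RP ID bound correctly"


def scenarios() -> dict:
    auth_data = make_authenticator_data(RP_ID)
    return {
        # Classic phishing: the browser is on a look-alike domain, so the origin
        # it writes into clientDataJSON does not match and the RP rejects it.
        "phishing_domain": check_binding(
            make_client_data("https://login-example.evil.test"), auth_data,
            EXPECTED_ORIGIN, RP_ID, CHALLENGE),
        # Compromised trust anchor: the browser believes it is at the genuine
        # origin because the forged certificate chains to a root the device now
        # trusts, so it reports the real origin and the RP has nothing to reject.
        # The problem is invisible at this layer and must be caught on the device.
        "rogue_ca_at_real_origin": check_binding(
            make_client_data(EXPECTED_ORIGIN), auth_data,
            EXPECTED_ORIGIN, RP_ID, CHALLENGE),
        # Stale challenge: a captured assertion cannot be replayed later.
        "replayed_challenge": check_binding(
            make_client_data(EXPECTED_ORIGIN, "c3RhbGU"), auth_data,
            EXPECTED_ORIGIN, RP_ID, CHALLENGE),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The second scenario is the governance blind spot in code form: the factor held, and the relying party had no defect to detect. Whatever you add on top (device attestation, trust-store monitoring, session binding) has to supply the signal this check structurally cannot.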
Device-bound credentials and continuous verification as compensating controls
Device-bound credentials reduce exposure by tying authentication to hardware-backed keys that cannot be copied out of the device. Continuous verification adds another layer by re-checking device posture and trust throughout the session rather than only at sign-in. In practice, this shifts the control objective from one-time authentication to ongoing assurance. For NHI and IAM teams, the architectural lesson is that credentials should be bound to a known device state and revalidated when that state changes. That is the only durable response when the attack can persist below the application layer and survive normal user activity.
Practical implication: move from point-in-time login checks to continuous device and session verification.
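The session model that implication describes can be sketched end to end. The added example below is illustrative code written for this post, not a product or library implementation: each request carries a proof of possession from the enrolled device key, and the server re-checks a posture snapshot (here, a hash of the root fingerprints the device trusts) on every call, revoking the session the moment it changes. The HMAC key stands in for a non-exportable TPM or secure-enclave key, which is an assumption stated in the code; device ids, user names and fingerprint strings are constructed.

```python
import hashlib
import hmac
import secrets

# Assumption: in production the device key lives in a TPM / secure enclave and
# signs with a non-exportable private key. An HMAC key stands in for it here so
# the flow runs anywhere; the control logic is what the example demonstrates.


def posture_hash(trusted_roots: list) -> str:
    """Posture snapshot: hash of the sorted root-CA fingerprints the device trusts."""
    return hashlib.sha256("\n".join(sorted(trusted_roots)).encode()).hexdigest()


def device_proof(device_key: bytes, token: str, nonce: bytes) -> bytes:
    """Per-request proof that the caller holds the enrolled device key."""
    return hmac.new(device_key, token.encode() + nonce, hashlib.sha256).digest()


class SessionGuard:
    def __init__(self):
        self._devices = {}   # device_id -> {"key": bytes, "posture": str}
        self._sessions = {}  # token -> {"device": str, "user": str}

    def enroll(self, device_id: str, posture: str) -> bytes:
        """Record the device's key and the posture it had when it was trusted."""
        key = secrets.token_bytes(32)
        self._devices[device_id] = {"key": key, "posture": posture}
        return key

    def issue(self, device_id: str, user: str) -> str:
        """Mint a session token bound to the device that authenticated."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"device": device_id, "user": user}
        return token

    def validate(self, token: str, device_id: str, posture: str,
                 nonce: bytes, proof: bytes) -> tuple:
        """Continuous verification: binding, possession and posture on every request."""
        sess = self._sessions.get(token)
        if sess is None:
            return False, "unknown or revoked session"
        if sess["device"] != device_id:
            return False, "token presented from a device it was not issued to"
        dev = self._devices.get(device_id)
        if dev is None:
            return False, "device not enrolled"
        if not hmac.compare_digest(device_proof(dev["key"], token, nonce), proof):
            return False, "possession proof failed"
        if posture != dev["posture"]:
            self._sessions.pop(token)  # device state changed since enrollment: end the session
            return False, "device posture changed since enrollment; session revoked"
        return True, "ok"


def scenarios() -> dict:
    guard = SessionGuard()
    roots = ["fp-root-a", "fp-root-b"]  # constructed root fingerprints
    key = guard.enroll("emb-ws-07", posture_hash(roots))
    token = guard.issue("emb-ws-07", "user@example.test")
    nonce = secrets.token_bytes(16)
    legit = guard.validate(token, "emb-ws-07", posture_hash(roots), nonce,
                           device_proof(key, token, nonce))
    # A copied token presented without the device key fails the possession check.
    stolen = guard.validate(token, "emb-ws-07", posture_hash(roots), nonce, b"\x00" * 32)
    # A new root appears in the device's store: posture no longer matches enrollment.
    drifted = guard.validate(token, "emb-ws-07", posture_hash(roots + ["fp-unknown-ca"]),
                             nonce, device_proof(key, token, nonce))
    # Once revoked, even a correct proof with the original posture is refused.
    after = guard.validate(token, "emb-ws-07", posture_hash(roots), nonce,
                           device_proof(key, token, nonce))
    return {"legit": legit, "stolen_token": stolen,
            "posture_drift": drifted, "after_revocation": after}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The nonce would in practice be server-issued per request to stop proof replay; the posture snapshot would be produced by an attestation agent rather than handed over by the client, since a compromised endpoint could otherwise report the enrolled value.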
Threat narrative
Attacker objective: The attacker’s objective is to persistently intercept secure sessions and harvest authentication material without triggering user-visible warnings.
- Entry via compromised embassy endpoint devices, followed by installation of a rogue certificate authority on the device root of trust.
- Escalation through tampering with local trust decisions so that malicious certificates appear legitimate to the browser and applications.
- Impact through ISP-level interception of TLS and HTTPS traffic, enabling silent capture of tokens, session cookies, and credentials.
Breaches seen in the wild
- Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
- Shai Hulud npm malware campaign — npm malware that exposed secrets on GitHub.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Device trust is now an identity control, not an endpoint afterthought. Secret Blizzard shows that when the trust anchor on the device is compromised, the authentication stack above it inherits that compromise. IAM programmes that do not account for endpoint trust integrity are assuming away the attack surface. Practitioners should treat device trust as a first-class identity control.
FIDO reduces phishing exposure, but it does not eliminate trust-anchor abuse. The article exposes a common governance blind spot: phishing resistance does not equal resistance to a compromised trust environment. Security teams must separate credential binding from channel integrity and verify both.
Ephemeral session protection is the real issue here, not just login hardening. If an attacker can silently observe or redirect traffic after authentication, strong sign-in controls do not prevent token theft or session hijacking. That means identity programmes need controls that extend into runtime, not just enrollment and authentication.
Zero trust breaks down when device and communication integrity are treated as assumptions. The strongest takeaway is that zero trust is only meaningful when the endpoint, the channel, and the credential all remain continuously verifiable. For practitioners, the right question is whether current controls can detect tampered trust anchors before the session becomes exploitable.
Root-of-trust architecture is the decisive design choice for high-risk environments. Hardware-backed, device-bound credentials and continuous re-authentication narrow the room for silent interception. The practical conclusion is straightforward: where adversaries can control local infrastructure, authentication must be independent of that infrastructure.
From our research:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which helps explain why session abuse and hidden credential exposure persist.
- For a broader view of how credential sprawl turns into attack surface, review Guide to the Secret Sprawl Challenge.
What this signals
Ephemeral trust debt: once a device’s trust chain is altered, the organisation carries hidden risk until that state is detected and removed. For security programmes, the signal is that identity controls must extend to endpoint trust integrity and session validation, not just initial authentication.
With 70% of organisations granting AI systems more access than human employees in the 2026 Infrastructure Identity Survey, the broader lesson is that identity assurance is already being asked to cover autonomous and semi-trusted actors. That same governance pressure applies to privileged users in hostile environments, where device-bound control becomes a baseline rather than a specialist option.
Teams should expect more attacks that target the assumptions around trusted channels, not just the credentials inside them. That means certificate monitoring, device attestation, and token containment need to sit alongside traditional IAM controls in the operating model.
For practitioners
- Harden device trust-store controls: Monitor and restrict changes to local certificate stores, trusted root CAs, and device trust anchors on managed endpoints used for sensitive access. Treat unexpected certificate installation as an identity incident, not only an endpoint event.
- Separate authentication from session assurance: Review where your IAM stack stops at successful login and where it continues to validate session integrity, token handling, and device posture. Add runtime checks for high-risk applications and privileged access paths.
- Prioritise hardware-bound credentials for high-risk users: Use device-bound, hardware-backed credentials for administrators, diplomats, and other users exposed to hostile network conditions. Pair them with device attestation so that trust depends on enrolled hardware rather than local browser assumptions.
- Add rogue-CA detection to identity monitoring: Correlate certificate authority changes, TLS anomalies, and unusual token use patterns so teams can spot MITM conditions before sessions are abused. Feed those signals into privileged access reviews and incident response.
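The last recommendation, correlating CA changes with TLS anomalies and token-use patterns, is shown below as an added example (illustrative code for this post, not a vendor rule or NHIMG tooling). It takes normalised events from an endpoint agent, network telemetry and IdP logs, anchors on each root-CA installation, and scores the corroborating signals that follow it within a time window. The event records, device names, weights and the 24-hour window are constructed assumptions; the shape of the logic is what carries over to a SIEM rule.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window; tune to your telemetry
# Assumed weights for the three signal sources the recommendation names.
WEIGHTS = {
    "root_ca_installed": 3,       # endpoint agent: a new root appeared in the trust store
    "tls_issuer_changed": 2,      # network/browser telemetry: SSO host now served by a different issuer
    "token_use_new_network": 2,   # IdP logs: an existing session token used from an unfamiliar network
}

# Constructed event stream in the shape of normalised SIEM records (not real logs).
EVENTS = [
    {"ts": "2025-08-20T10:00:00", "device": "emb-ws-07", "kind": "root_ca_installed",
     "detail": "new root CN=Corporate Proxy Root, not in golden image"},
    {"ts": "2025-08-20T10:20:00", "device": "emb-ws-07", "kind": "tls_issuer_changed",
     "detail": "sso.example.test now chains to CN=Corporate Proxy Root"},
    {"ts": "2025-08-20T11:05:00", "device": "emb-ws-07", "kind": "token_use_new_network",
     "detail": "active session token used from unfamiliar ASN"},
    {"ts": "2025-08-20T09:30:00", "device": "emb-ws-02", "kind": "tls_issuer_changed",
     "detail": "sso.example.test issuer rotated (scheduled)"},
    {"ts": "2025-08-22T12:00:00", "device": "emb-ws-07", "kind": "token_use_new_network",
     "detail": "outside the window of the CA install"},
]


def correlate(events: list, threshold: int = 5) -> list:
    """Score each root-CA installation by the distinct signals that follow it
    on the same device within WINDOW; return findings at or above threshold."""
    parsed = sorted(
        ({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
        key=lambda e: e["ts"],
    )
    by_device = {}
    for e in parsed:
        by_device.setdefault(e["device"], []).append(e)

    findings = []
    for device, evs in by_device.items():
        for anchor in (e for e in evs if e["kind"] == "root_ca_installed"):
            window = [e for e in evs if anchor["ts"] <= e["ts"] <= anchor["ts"] + WINDOW]
            kinds = {e["kind"] for e in window}
            score = sum(WEIGHTS.get(k, 0) for k in kinds)
            if score >= threshold:
                findings.append({
                    "device": device,
                    "score": score,
                    "first_seen": anchor["ts"].isoformat(),
                    "signals": sorted(kinds),
                    "verdict": "suspected MITM via rogue trust anchor",
                    # Assumed response steps; map to your own runbooks.
                    "actions": ["revoke sessions issued from device",
                                "open privileged-access review",
                                "escalate to incident response"],
                })
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f)
```

Note that a scheduled issuer rotation on `emb-ws-02` produces no finding on its own, and the token-use event two days later on `emb-ws-07` falls outside the window; scoring distinct kinds rather than raw counts keeps one noisy source from reaching the threshold by itself.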
Key takeaways
- Secret Blizzard’s campaign shows that identity controls fail when attackers can tamper with the endpoint trust chain before authentication completes.
- Phishing-resistant authentication is not enough on its own if the session can be intercepted through a compromised TLS environment.
- Practitioners should pair hardware-bound credentials with continuous device and session verification for high-risk access paths.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Rogue trust anchors and intercepted sessions map to NHI authentication risk. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege and access validation matter when sessions can be hijacked. |
| NIST Zero Trust (SP 800-207) | Zero Trust tenets | Zero Trust assumes continuous verification of device and session trust. |
Apply continuous verification to endpoints, certificates, and session state for high-risk access.
Key terms
- Rogue Certificate Authority: A rogue certificate authority is an untrusted CA that an attacker installs or abuses so a device accepts forged certificates as legitimate. In practice, it can let a malicious party intercept encrypted traffic while the endpoint still believes the connection is secure.
- Device Trust Anchor: A device trust anchor is the root mechanism an endpoint relies on to decide what is authentic, such as a trusted root certificate store or hardware-backed key material. If that anchor is altered, higher-level identity checks can inherit false trust and become ineffective.
- Session Integrity: Session integrity is the assurance that an authenticated connection remains trustworthy after sign-in. It covers token use, channel validation, and device posture, because attackers often target the session after the login event rather than the login event itself.
- Device-bound Credential: A device-bound credential is tied to a specific hardware root, which makes it harder to copy, export, or replay on another system. This reduces the value of stolen secrets and helps identity controls survive hostile network or endpoint conditions.
Deepen your knowledge
Device trust, session integrity, and hardware-bound credentials are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your environment faces hostile networks or privileged remote access, it is worth exploring.
This post draws on content published by Beyond Identity: Secret Blizzard, a Russian MITM operation targeting embassies and what it means for identity security. Read the original.
Published by the NHIMG editorial team on 2025-08-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org