1. Forum
  2. FidoNet
  3. CONSPRCY

  • UK warns Russian Fancy Be

    From Mike Powell@1:2320/105 to All on Mon Jul 21 09:04:48 2025
    UK warns Russian Fancy Bear hackers are targeting Microsoft 365 accounts

    Date:
    Mon, 21 Jul 2025 13:42:40 +0000

    Description:
    Western companies helping Ukraine are being targeted with sophisticated Authentic Antics malware.

    FULL STORY

    Russian cybercriminals are targeting Microsoft 365 accounts with specialized malware , the UK government's cybersecurity arm has warned.

    The UK National Cyber Security Centre (NCSC) has published a new technical
    deep dive, detailing a sophisticated piece of malware called Authentic
    Antics, first spotted in 2023, but only now attributed to APT28 - a known, state-sponsored threat actor from Russia, working for the countrys General Staff Main Intelligence Directorate (GRU).

    APT28 is also known as Fancy Bear or Forest Blizzard and has been attributed
    to many high-profile cyber-espionage campaigns throughout the West.

    Faking Microsoft login

    While the NCSC doesnt detail how the malware gets deployed, it speculates
    that its most likely through phishing emails or malicious Outlook add-ins.

    Once running on the target machine, it targets Microsoft Outlook, looking to steal login credentials and OAuth 2.0 tokens for Microsoft services such as Exchange Online, SharePoint, or OneDrive.

    It works by sporadically showing fake login prompts that mimic Microsofts authentication windows. It uses environmental keying to make sure it only activates on specific machines, and once the victims try to log in - the information is relayed to the attackers.

    For exfiltration, Authentic Antics uses the victims email inbox, sending the information in an email that later gets deleted from the Sent folder.

    Authentic Antics is part of a broader cyber-espionage campaign, targeting western organizations - especially those who support Ukraine in their war effort against Russia.

    While names werent mentioned, the NCSC did say APT28 targeted logistics and transport organizations, tech firms with access to Microsofts cloud services, government entities in NATO countries, and broader infrastructure such as internet-connected cameras at border crossings, used to track shipments to Ukraine.

    As a result of the findings, the UK has sanctioned GRU operatives, which included three units and 18 officers, Reuters reported.

    Via The Register

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/uk-warns-russian-fancy-bear-hackers-are -targeting-microsoft-365-accounts

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)