Date: 2025-07-18

The cyber espionage was carried out by a hacker group operating under the control of the Russian GRU

The United Kingdom has disclosed a Russian military intelligence operation that used sophisticated cyber espionage malware, the British National Cyber Security Centre (NCSC) reported.

According to official reports, the hacker group APT 28, which operates under the control of Russia's Main Intelligence Directorate, is behind the attacks.

The NCSC announced that APT 28 used a new malware called "AUTHENTIC ANTICS" to infiltrate users' email accounts.

Masquerading as legitimate Microsoft requests, the program stole credentials and access tokens and provided hidden access to email accounts.

The analysis of AUTHENTIC ANTICS shows that it was specifically designed to provide persistent access to Microsoft cloud accounts by disguising itself as legitimate activity.

"It periodically displays a login window asking the user to enter their credentials, which are then intercepted by the malware along with OAuth authentication tokens that allow access to Microsoft services," the report says.

This formal indictment coincided with new UK sanctions against three GRU units – 26165, 29155 and 74455 – and 18 officers and agents for their involvement in global cyberattacks and hybrid operations.

UK Foreign Secretary David Lammy said that the Kremlin was trying to destabilize Europe and threaten the security of British citizens, but that London would continue to resolutely defend its interests and support Ukraine.

NCSC Director of Operations Paul Chichester urged British organizations to strengthen their cyber defenses and not to underestimate the threat from the GRU.

The AUTHENTIC ANTICS malware was discovered during a joint investigation by Microsoft and NCC Group in 2023.