Subj : UK warns Russian Fancy Bear hackers are targeting Microsoft 365 a
To   : All
From : TechnologyDaily
Date : Mon Jul 21 2025 14:45:07

UK warns Russian Fancy Bear hackers are targeting Microsoft 365 accounts

Date:
Mon, 21 Jul 2025 13:42:40 +0000

Description:
Western companies helping Ukraine are being targeted with sophisticated 
Authentic Antics malware.

FULL STORY
======================================================================UK NCSC 
details use of a piece of Authentic Antics malware It is attributed to APT28 
and allegedly used against Western companies helping Ukraine The UK 
sanctioned 20 individuals suspected of being involved 

Russian cybercriminals are targeting Microsoft 365 accounts with specialized 
malware , the UK government's cybersecurity arm has warned. 

The UK National Cyber Security Centre (NCSC) has published a new technical 
deep dive, detailing a sophisticated piece of malware called Authentic 
Antics, first spotted in 2023, but only now attributed to APT28 - a known, 
state-sponsored threat actor from Russia, working for the countrys General 
Staff Main Intelligence Directorate (GRU). 

APT28 is also known as Fancy Bear or Forest Blizzard and has been attributed 
to many high-profile cyber-espionage campaigns throughout the West. Faking 
Microsoft login 

While the NCSC doesnt detail how the malware gets deployed, it speculates 
that its most likely through phishing emails or malicious Outlook add-ins. 

Once running on the target machine, it targets Microsoft Outlook, looking to 
steal login credentials and OAuth 2.0 tokens for Microsoft services such as 
Exchange Online, SharePoint, or OneDrive. 

It works by sporadically showing fake login prompts that mimic Microsofts 
authentication windows. It uses environmental keying to make sure it only 
activates on specific machines, and once the victims try to log in - the 
information is relayed to the attackers. 

For exfiltration, Authentic Antics uses the victims email inbox, sending the 
information in an email that later gets deleted from the Sent folder. 

Authentic Antics is part of a broader cyber-espionage campaign, targeting 
western organizations - especially those who support Ukraine in their war 
effort against Russia. 

While names werent mentioned, the NCSC did say APT28 targeted logistics and 
transport organizations, tech firms with access to Microsofts cloud services, 
government entities in NATO countries, and broader infrastructure such as 
internet-connected cameras at border crossings, used to track shipments to 
Ukraine. 

As a result of the findings, the UK has sanctioned GRU operatives, which 
included three units and 18 officers, Reuters reported. 

 Via The Register You might also like Global Russian hacking campaign steals 
data from government agencies Take a look at our guide to the best 
authenticator app We've rounded up the best password managers



======================================================================
Link to news story:
https://www.techradar.com/pro/security/uk-warns-russian-fancy-bear-hackers-are
-targeting-microsoft-365-accounts


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.