Russian threat actors linked to the GRU have deployed sophisticated malware called “Authentic Antics” to conduct espionage against Microsoft cloud accounts. UK authorities have responded by sanctioning Russian GRU units and officers, highlighting ongoing cyber threats from Russia. #AuthenticAntics #APT28 #GRU #FancyBear
Key points
- Authentic Antics malware is used for persistent access to Microsoft cloud accounts.
- The malware intercepts credentials and OAuth tokens by mimicking legitimate Outlook activity.
- It exfiltrates data via emails sent from victim accounts without leaving traces in the sent folder.
- There is no traditional command-and-control infrastructure, making detection more difficult.
- UK sanctions were issued against Russian GRU units and officers involved in cyber operations.
Read More: https://www.infosecurity-magazine.com/news/new-malware-targeting-email/