- The British NCSC details the Authentic Antics malware
- It is attributed to APT28 and allegedly used against Western companies helping Ukraine
- The United Kingdom sanctioned 20 people suspected of involvement
Russian cybercriminals are targeting Microsoft 365 accounts with specialized malware, the British government's cybersecurity branch has warned.
The United Kingdom's National Cyber Security Centre (NCSC) has published a new in-depth technical analysis of a "sophisticated malware" called Authentic Antics, first identified in 2023 but only now attributed to APT28, a known Russian state-sponsored threat actor working for the Main Directorate of the General Staff of the Russian armed forces (GRU).
APT28 is also known as Fancy Bear or Forest Blizzard and has been linked to numerous high-profile cyber-espionage campaigns across the West.
Faking Microsoft logins
Although the NCSC does not detail how the malware is deployed, it speculates that delivery is most likely by phishing emails or by other malware delivered through Outlook.
Once executed on the target machine, it targets Microsoft Outlook, seeking to steal login credentials and OAuth 2.0 tokens for Microsoft services such as Exchange Online, SharePoint and OneDrive.
It works by sporadically displaying fake login prompts that imitate Microsoft authentication windows. It uses environmental keying to ensure it only activates on specific machines, and once victims attempt to sign in, the entered credentials are relayed to the attackers.
For exfiltration, Authentic Antics uses the victim's own mailbox: it sends the stolen information in an email, which is then deleted from the Sent Items folder.
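One defensive angle on the exfiltration pattern just described is to hunt for a sent message that is hard-deleted from Sent Items almost immediately after it was sent. The script below is an added example, not code from the NCSC report or from the article; it runs over a constructed, simplified set of mailbox audit records (field names `user`, `op`, `item`, `folder`, `time` are assumptions for this example, loosely modelled on Exchange mailbox-audit operations) and generalizes to any number of users and items.

```python
"""Hunt for the 'send, then quickly hard-delete from Sent Items' pattern.

Added example with a constructed, simplified audit-record layout; real
Exchange mailbox-audit records carry many more fields and different names.
"""
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"user": "alice@example.org", "op": "Send", "item": "ITEM-001",
     "folder": "Sent Items", "time": "2025-07-18T09:00:00"},
    # Deleted seven seconds after sending: suspicious.
    {"user": "alice@example.org", "op": "HardDelete", "item": "ITEM-001",
     "folder": "Sent Items", "time": "2025-07-18T09:00:07"},
    {"user": "bob@example.org", "op": "Send", "item": "ITEM-002",
     "folder": "Sent Items", "time": "2025-07-18T09:05:00"},
    # Deleted hours later: looks like ordinary mailbox cleanup.
    {"user": "bob@example.org", "op": "HardDelete", "item": "ITEM-002",
     "folder": "Sent Items", "time": "2025-07-18T15:00:00"},
    # Hard delete from a folder other than Sent Items: out of scope.
    {"user": "carol@example.org", "op": "HardDelete", "item": "ITEM-003",
     "folder": "Inbox", "time": "2025-07-18T09:06:00"},
]


def _ts(value: str) -> datetime:
    """Parse the ISO-8601 timestamp used in the constructed records."""
    return datetime.fromisoformat(value)


def find_send_then_delete(events: List[Dict[str, str]],
                          window_seconds: int = 120) -> List[Tuple[str, str, float]]:
    """Return (user, item, seconds_between) for each Send whose item the same
    user hard-deletes from Sent Items within window_seconds.

    Events are processed in time order so the Send is always seen first.
    """
    sends: Dict[Tuple[str, str], datetime] = {}
    hits: List[Tuple[str, str, float]] = []
    for ev in sorted(events, key=lambda e: _ts(e["time"])):
        key = (ev["user"], ev["item"])
        if ev["op"] == "Send":
            sends[key] = _ts(ev["time"])
        elif ev["op"] == "HardDelete" and ev["folder"] == "Sent Items":
            sent_at = sends.get(key)
            if sent_at is None:
                continue  # no matching Send on record for this item
            gap = (_ts(ev["time"]) - sent_at).total_seconds()
            if 0 <= gap <= window_seconds:
                hits.append((ev["user"], ev["item"], gap))
    return hits


if __name__ == "__main__":
    for user, item, gap in find_send_then_delete(SAMPLE_EVENTS):
        print(f"{user}: {item} hard-deleted {gap:.0f}s after sending")
```

The two-minute window is a tuning knob: too short misses slower tooling, too long floods the hunt with routine cleanup. Pair a hit with the recipient address and message size before treating it as an incident.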
Authentic Antics is part of a broader cyber-espionage campaign targeting Western organizations, in particular those supporting Ukraine in its war effort against Russia.
Although no names were given, the NCSC said that APT28 targeted logistics and transport organizations, technology companies with access to Microsoft cloud services, government entities in NATO countries, and wider infrastructure such as internet-connected cameras at border crossings used to track shipments to Ukraine.
Following the findings, the United Kingdom sanctioned GRU agents, including three units and 18 officers, PK Press Club reported.
Via The Register