Russia's APT28 has introduced a new malware named Authentic Antics, which targets Microsoft credentials and email accounts. The UK recently sanctioned several GRU units for their longstanding cyber activities. Authentic Antics is linked to a breach in 2023 and poses a significant risk because it captures user credentials through a deceptive login interface. The malware exfiltrates data by sending emails from compromised accounts to attacker-controlled addresses, illustrating the advanced level of threat posed by the Russian military intelligence unit. Continuous monitoring and protective measures are essential to counter such threats.
The use of Authentic Antics malware demonstrates the persistence and sophistication of the cyber threat posed by Russia's GRU, according to the UK's National Cyber Security Centre director of operations Paul Chichester.
Authentic Antics periodically displays a login window that prompts the user to enter their credentials, stealing the data along with OAuth authentication tokens for Microsoft services.
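As an added defender-side example (not code from the article, the NCSC, or any vendor), the following Python flags the exfiltration pattern the summary describes: a mailbox sending mail to an external domain it has never corresponded with. The audit records, domain names and baseline set are constructed, and the field names only loosely follow the Microsoft 365 mailbox audit log.

```python
from collections import defaultdict

ORG_DOMAIN = "example.org"  # assumed internal domain of the monitored tenant

# Constructed sample records; field names are modelled loosely on the
# Microsoft 365 mailbox audit log and are not from any real incident.
AUDIT_LOG = [
    {"UserId": "alice@example.org", "Operation": "Send",
     "Recipients": ["bob@example.org"]},
    {"UserId": "alice@example.org", "Operation": "Send",
     "Recipients": ["partner@vendor.example"]},
    {"UserId": "alice@example.org", "Operation": "Send",
     "Recipients": ["drop@attacker.example"]},
    {"UserId": "alice@example.org", "Operation": "Send",
     "Recipients": ["drop@attacker.example"]},
    {"UserId": "alice@example.org", "Operation": "UserLoggedIn",
     "Recipients": []},
]


def external_domain(address):
    """Return the recipient's domain, or None when it is the org's own."""
    domain = address.rsplit("@", 1)[-1].lower()
    return None if domain == ORG_DOMAIN else domain


def find_suspicious_sends(records, known_domains):
    """Return (user, recipient) pairs for Send events to external domains the
    user has not corresponded with before.  `known_domains` maps a user to the
    set of external domains seen during a baseline period (an assumption about
    what a deployment would maintain).  Each new domain is reported once."""
    seen = defaultdict(set, {u.lower(): set(d) for u, d in known_domains.items()})
    hits = []
    for rec in records:
        if rec["Operation"] != "Send":
            continue
        user = rec["UserId"].lower()
        for rcpt in rec["Recipients"]:
            dom = external_domain(rcpt)
            if dom and dom not in seen[user]:
                hits.append((user, rcpt))
                seen[user].add(dom)  # alert once per new destination domain
    return hits


if __name__ == "__main__":
    baseline = {"alice@example.org": {"vendor.example"}}
    for user, rcpt in find_suspicious_sends(AUDIT_LOG, baseline):
        print(f"new external destination for {user}: {rcpt}")
```

A real deployment would build the baseline from historical sent-items data and pair this check with alerts on new OAuth consent grants and on interactive sign-ins that do not match the user's usual pattern.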