NCSC exposes Fancy Bear's Authentic Antics malware attacks | Computer Weekly
Briefly

The UK's National Cyber Security Centre (NCSC) has attributed cyber attacks that employ malware known as Authentic Antics to the Fancy Bear APT group. The malware steals login credentials and tokens from email accounts, giving Russian cyber spies long-term access. Fancy Bear is associated with the GRU, the Russian military intelligence agency. Authentic Antics has been used effectively since 2023 and integrates into Microsoft Outlook processes, displaying malicious prompts to deceive users into providing their credentials. The NCSC emphasizes the need for vigilance and protective measures against such threats.
The use of Authentic Antics malware demonstrates the persistence and sophistication of the cyber threat posed by Russia's GRU.
NCSC investigations of GRU activities over many years show that network defenders should not take this threat for granted and that monitoring and protective action is essential for defending systems.
Working with NCC Group, which provided samples of Authentic Antics, the NCSC's experts have conducted a lengthy analysis of the malware.
The malware has been widely used since about 2023, and runs within Microsoft Outlook processes where it displays malicious login prompts.