The Authentic Antics malware used in recent cyber attacks targeting Microsoft cloud accounts was the work of the notorious Russian hacking group Fancy Bear, the UK's National Cyber Security Centre (NCSC) has said.
Authentic Antics was discovered after a cyber attack in 2023, and the NCSC published a technical analysis of the malware in May this year. The agency has now confirmed what everyone suspected by formally attributing it to Russia's GRU Military Intelligence Unit 26165, known as Fancy Bear or APT28.
However, where most espionage reports are thin on detail, the latest NCSC report provides an unusual level of background on the Russian operators behind Fancy Bear.
In total, 18 intelligence officers and commanders from GRU Units 26165, 29155 and 74455 have been named by the NCSC and placed under financial sanctions.
A ‘campaign to destabilise Europe’
Fancy Bear became a household name after attacks such as the 2016 leak of World Anti-Doping Agency (WADA) athlete data and the breach of the US Democratic National Committee (DNC) during the presidential election the same year.
According to the NCSC, the unit has carried out several attacks since then, including targeting the email accounts of Yulia and Sergei Skripal, linked to the attempt to murder them in 2018.
UK Foreign Secretary David Lammy commented, “GRU spies are running a campaign to destabilise Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens.”
He said, “The Kremlin should be in no doubt: we see what they are trying to do in the shadows, and we will not tolerate it. That is why we are taking decisive action with sanctions against Russian spies. This is fundamental to this government’s plan to protect Britain from harm.”
How dangerous is Authentic Antics?
Like all nation-state cyber tools, Authentic Antics is good at what it is designed to do: in this case, stealing Microsoft Office account credentials through fake login prompts and OAuth 2.0 tokens.
The malware employs several techniques to evade detection, including communicating via legitimate services and sending innocent-looking emails to exfiltrate stolen data from compromised accounts.
“No traditional command and control has been implemented, which has increased the possibility of detection,” said the NCSC analysis published in May.
So the bad news is that it is very hard to detect. The good news is that it is used only against specific targets, meaning it is unlikely to be widely deployed. Still, there is no harm in studying the indicators of compromise (IOCs) documented by the NCSC or applying its YARA rules on endpoint protection platforms.
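Because the tradecraft described above avoids a conventional command-and-control channel and instead rides on OAuth tokens and ordinary outbound mail, host-based IOCs alone will miss it; the telemetry that does see it is the cloud tenant's own audit trail. The following Python snippet is an added example, not the NCSC's analysis or any published detection for this malware. It shows the shape of a defender-side heuristic: correlate an OAuth token grant carrying mail-sending scopes with a subsequent email that leaves the organisation carrying attachments. The log schema, field names, scope names, domains and every sample event below are constructed for illustration and would have to be mapped onto the real sign-in and mailbox audit logs of a tenant.

```python
"""Hypothetical correlation heuristic for OAuth-token-plus-mail exfiltration.

Added example; not NCSC tooling. The event format and all sample data are
constructed (not real telemetry). The detection idea: a user obtains an
OAuth token with mail-sending permission, then shortly afterwards sends mail
with attachments to an external address. Either event alone is routine;
the sequence is what deserves a look.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (assumed schema: ts, user, event, detail).
SAMPLE_EVENTS = [
    {"ts": "2023-06-01T09:00:00", "user": "alice@example.com",
     "event": "OAuthTokenIssued",
     "detail": {"app": "Unverified Mail Client",
                "scopes": ["Mail.Read", "Mail.Send", "offline_access"]}},
    {"ts": "2023-06-01T09:05:00", "user": "alice@example.com",
     "event": "MailSent",
     "detail": {"to": "alice@example.com", "subject": "Notes", "attachments": 1}},
    {"ts": "2023-06-01T09:07:00", "user": "alice@example.com",
     "event": "MailSent",
     "detail": {"to": "collector@external-example.net", "subject": "FYI",
                "attachments": 1}},
    {"ts": "2023-06-01T10:00:00", "user": "bob@example.com",
     "event": "MailSent",
     "detail": {"to": "carol@example.com", "subject": "Lunch", "attachments": 0}},
    {"ts": "2023-06-02T08:00:00", "user": "bob@example.com",
     "event": "OAuthTokenIssued",
     "detail": {"app": "Corporate Outlook", "scopes": ["Mail.Read"]}},
]

INTERNAL_DOMAINS = {"example.com"}            # assumed: the tenant's own domains
MAIL_SEND_SCOPES = {"Mail.Send", "Mail.ReadWrite"}  # assumed scope names
WINDOW = timedelta(hours=24)                  # how long after a grant to look


def _parse_ts(value):
    return datetime.fromisoformat(value)


def _domain(address):
    return address.rsplit("@", 1)[-1].lower()


def find_suspicious_sequences(events, internal_domains=INTERNAL_DOMAINS,
                              window=WINDOW):
    """Return one alert per (token grant, external mail-with-attachment) pair.

    A grant counts only if it carries a mail-sending scope; a mail event
    counts only if it falls inside `window` after the grant, goes outside
    the internal domains and carries at least one attachment.
    """
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        grants = [e for e in evs
                  if e["event"] == "OAuthTokenIssued"
                  and set(e["detail"]["scopes"]) & MAIL_SEND_SCOPES]
        for grant in grants:
            t0 = _parse_ts(grant["ts"])
            for ev in evs:
                if ev["event"] != "MailSent":
                    continue
                t = _parse_ts(ev["ts"])
                if not (t0 <= t <= t0 + window):
                    continue
                to_addr = ev["detail"]["to"]
                if _domain(to_addr) in internal_domains:
                    continue
                if ev["detail"].get("attachments", 0) < 1:
                    continue
                alerts.append({
                    "user": user,
                    "app": grant["detail"]["app"],
                    "grant_ts": grant["ts"],
                    "mail_ts": ev["ts"],
                    "to": to_addr,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_sequences(SAMPLE_EVENTS):
        print(alert)
```

On the constructed data this raises a single alert for alice: the unverified app received a Mail.Send scope and, minutes later, a message with an attachment went to an external domain. Bob's grant carries only a read scope and his mail stays internal, so nothing fires. The heuristic is deliberately narrow (external recipient plus attachment); a real deployment would tune the window, the scope list and the recipient logic to the tenant, and would treat self-addressed messages with attachments, as in alice's first mail, as a weaker secondary signal rather than ignoring them.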
Naming the bear
Why name Fancy Bear, the Russian GRU units, their operators and their advanced hacking tools?
Beyond the obvious need to warn the world about these activities, such revelations, especially those directed at China, represent a form of information warfare that the US has led over the last decade. The strategy assumes that one way to combat nation-state espionage is to name and sanction the real people behind it, dispelling the mystery that often surrounds these groups, especially when they are known only by impersonal designations such as Fancy Bear or APT28.
It also puts the adversary on notice that its tooling is known, forcing it to spend on new development efforts.