
Britain has accused Russian military intelligence of cyber espionage


The British government has officially accused Russian military intelligence of orchestrating a large-scale cyber espionage campaign targeting international users with advanced malware. The allegation comes from the British National Cyber Security Centre (NCSC), which monitors and defends the UK’s digital infrastructure against cyber threats.

According to the NCSC, the cyberattack was conducted by the hacker group APT 28—also known as Fancy Bear—an elite hacking team operating under the direct control of Russia’s Main Intelligence Directorate (GRU). This group is notorious for previous high-profile cyberattacks on governments, organizations, and critical infrastructure around the world.

The NCSC report reveals that the attackers employed a sophisticated piece of malware called AUTHENTIC ANTICS. This malware was designed to stealthily infiltrate users’ Microsoft accounts by masquerading as legitimate Microsoft login prompts. Once a system was infected, victims unknowingly entered their login credentials, which the malware then captured along with OAuth authentication tokens. These tokens allowed the hackers to maintain persistent and covert access to victims’ Microsoft cloud services, including email accounts, even if passwords were changed.

The malware’s ability to mimic official Microsoft communications made the phishing attempts highly convincing and difficult to detect. The attackers periodically triggered login prompts, tricking users into providing sensitive information that enabled ongoing surveillance and data theft without raising suspicion.

In response to the NCSC’s findings, the UK government has announced a series of new sanctions targeting individuals and entities linked to the Russian military intelligence apparatus. These sanctions aim to disrupt the funding and capabilities of Russian cyber operations and signal Britain’s commitment to defending its digital sovereignty against hostile foreign interference.

 
