
ck4829

(36,998 posts)
Sun Jul 20, 2025, 06:37 AM 19 hrs ago

Russian hackers using sophisticated 'Authentic Antics' malware, UK says

A notorious Russian military hacking operation was spotted using a new set of state-of-the-art malware tools targeting victim email accounts.

The National Cyber Security Centre (NCSC) branch of the UK's Government Communications Headquarters (GCHQ) intelligence agency said that the APT 28 group, aka Fancy Bear, is using what is described as a “sophisticated” suite of tools known as “Authentic Antics.”

Designed as an infostealer specifically targeting Microsoft Windows systems, the malware sits on the host machine and looks to hide its activity amidst legitimate Windows system processes. While doing that, the Authentic Antics malware occasionally serves the target with Windows login-prompts.

In addition to targeting local account credentials, the malware looks to access Windows OAuth tokens that could allow the attackers to log into other Windows-hosted services and accounts.

https://www.scworld.com/news/russian-hackers-using-sophisticated-authentic-antics-malware-uk-says

Likely already on E-mail accounts of no_hypocrisy 18 hrs ago #1