{"id":1697,"date":"2025-07-22T11:38:53","date_gmt":"2025-07-22T11:38:53","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1697"},"modified":"2025-07-22T11:38:53","modified_gmt":"2025-07-22T11:38:53","slug":"uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/","title":{"rendered":"UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details"},"content":{"rendered":"<p>The UK Government has imposed sanctions on Russian military intelligence units and 18 individuals following the exposure of a sophisticated cyber espionage campaign targeting\u00a0<a href=\"https:\/\/cybersecuritynews.com\/scanning-inside-zip\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft cloud services<\/a>.<\/p>\n<p>The National Cyber Security Centre (NCSC)\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/news\/uk-call-out-russian-military-intelligence-use-espionage-tool\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">revealed<\/a>\u00a0that the Russian Advanced Persistent Threat group APT 28 deployed previously unknown malware called AUTHENTIC ANTICS to steal login credentials and maintain persistent access to victim email accounts.<\/p>\n<h2 class=\"wp-block-heading\"><strong>AUTHENTIC ANTICS Targets Microsoft Cloud Environment<\/strong><\/h2>\n<p>The AUTHENTIC ANTICS malware represents a significant evolution in Russian cyber capabilities, specifically designed to target Microsoft cloud environments through sophisticated credential harvesting techniques.<\/p>\n<div>\n<p>According to the NCSC\u2019s technical analysis, the malware operates by periodically displaying legitimate-looking login windows that prompt users to enter their credentials.<\/p>\n<p>Once captured, these credentials are intercepted alongside\u00a0<a 
href=\"https:\/\/cybersecuritynews.com\/malicious-firefox-extensions\/\" target=\"_blank\" rel=\"noreferrer noopener\">OAuth authentication tokens<\/a>, which provide the attackers with extended access to Microsoft services without triggering traditional security alerts.<\/p>\n<p>The malware\u2019s stealth capabilities extend beyond simple credential theft. AUTHENTIC ANTICS can exfiltrate sensitive data by automatically sending emails from compromised accounts to actor-controlled addresses while ensuring these messages never appear in the victim\u2019s sent folder.<\/p>\n<p>This technique allows for covert data extraction that can remain undetected for extended periods, enabling long-term intelligence gathering operations.<\/p>\n<p>The UK\u2019s response includes comprehensive sanctions against three GRU units: 26165, 29155, and 74455, along with 18 GRU officers and agents involved in global cyber and information interference operations.<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/uk-sanctions-russian-apt-28-hackers\/\">Read the Full Story Here<\/a><\/p>\n<p>Source: Cybersecurity News<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The UK Government has imposed sanctions on Russian military intelligence units and 18 individuals following the exposure of a sophisticated cyber espionage campaign targeting\u00a0Microsoft cloud services. 
The National Cyber Security Centre (NCSC)\u00a0revealed\u00a0that the Russian Advanced Persistent Threat group APT 28 deployed previously unknown malware called AUTHENTIC ANTICS to steal login credentials and maintain persistent access [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1698,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1697","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head_json":{"title":"UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/","og_locale":"en_US","og_type":"article","og_title":"UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details - Community","og_description":"The UK Government has imposed sanctions on Russian military intelligence units and 18 individuals following the exposure of a sophisticated cyber espionage campaign targeting\u00a0Microsoft cloud services. The National Cyber Security Centre (NCSC)\u00a0revealed\u00a0that the Russian Advanced Persistent Threat group APT 28 deployed previously unknown malware called AUTHENTIC ANTICS to steal login credentials and maintain persistent access [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-07-22T11:38:53+00:00","og_image":[{"width":1600,"height":900,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/07\/russianhackers.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/","name":"UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/07\/russianhackers.jpg","datePublished":"2025-07-22T11:38:53+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/07\/russianhackers.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/07\/russianhackers.jpg","width":1600,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/ww
w.tsfactory.com\/forums\/blog\/uk-sanctions-russian-apt-28-hackers-for-attacking-microsoft-cloud-service-login-details\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie 
Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1697"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1697\/revisions"}],"predecessor-version":[{"id":1699,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1697\/revisions\/1699"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1698"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}