The Register: UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies

Source URL: https://www.theregister.com/2025/07/20/uk_microsoft_snooping_russia/
Source: The Register

Feedly Summary: Fancy Bear can’t keep its claws out of Outlook inboxes
The UK government is warning that Russia’s APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.…

AI Summary and Description: Yes

Summary: The text highlights a security threat posed by Russia’s APT28 group, also known as Fancy Bear, which is deploying previously unknown malware to harvest Microsoft Outlook email credentials. This is directly relevant to information security and infrastructure security professionals, given the nature of the threat and its implications for organizational email security.

Detailed Description: The alert regarding Fancy Bear’s activities emphasizes the following points that are of significant importance to security professionals:

– **Threat Actor:** Fancy Bear (APT28) is a well-known Russian cyber espionage group linked to various cyber-attacks against governments and organizations worldwide.
– **New Malware:** The group is utilizing previously unknown malware, highlighting the evolving nature of cyber threats and the need for constant vigilance and advanced security measures.
– **Target:** The focus on Microsoft Outlook raises concerns about the security of email communications, which are often essential for business operations and sensitive information exchanges.
– **Credential Harvesting:** The malware is specifically designed to harvest email credentials, indicating a targeted approach aimed at gaining unauthorized access to the affected accounts.
– **Implications for Security Professionals:**
  – Organizations using Microsoft services must strengthen their security controls, including multi-factor authentication and regular security training for employees.
  – Continuous monitoring and threat intelligence are critical to adapting security strategies against such advanced persistent threats (APTs).
  – The importance of incident response planning cannot be overstated, as swift action is necessary to limit damage in the event of a breach.

In summary, this report underscores the need for heightened vigilance and proactive security measures among organizations and professionals who rely on email communication. The emergence of new malware variants calls for prompt updates to security protocols and a clear understanding of the tactics employed by threat actors such as Fancy Bear.