UK discovers Russian ‘espionage tool’, sanctions GRU officers over cyberattacks

LONDON (Reuters) - Britain said on Friday it had discovered a sophisticated digital espionage tool and sanctioned more than 20 Russian spies, hackers and agencies over what it called a “sustained campaign of malicious cyber activity” targeting governments and institutions across Europe.

Britain’s National Cyber Security Centre (NCSC) said novel malware used by spies at Russia’s GRU military intelligence agency had been used to harvest login credentials from online Microsoft products.

The foreign ministry said it was sanctioning three units of the GRU and 18 of its officers. These included people it said were involved in targeting strikes against Mariupol during the war in Ukraine, and spying on former Russian double agent Sergei Skripal and his daughter Yulia before they were targeted in a Novichok poisoning in Britain in 2018.

“GRU spies are running a campaign to destabilise Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens,” foreign minister David Lammy said in a statement.

British authorities have repeatedly accused Moscow of orchestrating malign activity, ranging from traditional espionage and actions to undermine democracy, to sabotage and assassinations. 

Moscow has rejected such accusations, saying they are politically motivated and that it poses no threat to Britain. The Russian embassy in London did not immediately respond to a request for comment.

Earlier this month, three men were convicted over an arson attack on a Ukrainian-linked business in London which police said was carried out at the behest of Russia’s Wagner mercenary group. 

The European Union and NATO issued statements on Friday condemning what they described as Russia’s destabilising hybrid activities.

‘SOPHISTICATED MALWARE’

In its latest announcement, Britain said three Russian GRU units – 29155, 26165 and 74455 – had targeted media outlets, telecoms providers, political and democratic institutions, and energy infrastructure in the United Kingdom and across Europe.

Among these incidents were an Estonian government hack in 2020, a cyberattack on the German Bundestag in 2015, the hacking in 2016 of the U.S. Democratic National Committee and Democratic Congressional Campaign Committee, and cyberattacks on the Paris Olympics last year, Britain said.

The NCSC said a hacking group known as APT 28, part of GRU unit 26165, had developed “sophisticated malware” it dubbed “AUTHENTIC ANTICS”, which tricks users of Microsoft cloud accounts into entering their credentials into a login window controlled by the hackers.

The NCSC did not say who had been targeted by the malware. Representatives for Microsoft did not immediately respond to a request for comment.

The British foreign ministry also said Unit 26165 had conducted reconnaissance on the Mariupol Theatre in March 2022 ahead of air strikes that local officials said killed about 300 people. Russia denied deliberately targeting the theatre.   

In addition to the GRU-focused sanctions, the ministry said it was sanctioning three leaders of “African Initiative”, which it said was a Russian-funded social media content mill conducting information operations in West Africa.

Britain has recently ramped up its military spending to help change its approach to defence, partly to address threats from Russia, nuclear risks and cyberattacks.

(Reporting by Alistair Smout, Sam Tabahriti and Michael Holden. Additional reporting by Sarah Young and James Pearson in London and Lili Bayer in Brussels. Editing by Emelia Sithole-Matarise and Mark Potter)