*

GRU units targeted media, telecoms and energy sectors, UK

says

*

UK sanctions include GRU units, officers linked to

cyberattacks

*

Britain's NCSC attributes novel malware to GRU unit

(Updates with UK discovery of Russian malware targeting

Microsoft ( MSFT ) products)

LONDON, July 18 (Reuters) - Britain said on Friday it

had discovered a sophisticated digital espionage tool and

sanctioned more than 20 Russian spies, hackers and agencies over

what it called a "sustained campaign of malicious cyber

activity" targeting governments and institutions across Europe.

Britain's National Cyber Security Centre (NCSC) said novel

malware used by spies at Russia's GRU military intelligence

agency had been used to harvest login credentials from online

Microsoft ( MSFT ) products.

The foreign ministry said it was sanctioning three units of

the GRU and 18 of its officers. These included people it said

were involved in targeting strikes against Mariupol during the

war in Ukraine, and spying on former Russian double agent Sergei

Skripal and his daughter Yulia before they were targeted in a

Novichok poisoning in Britain in 2018.

"GRU spies are running a campaign to destabilise Europe,

undermine Ukraine's sovereignty and threaten the safety of

British citizens," foreign minister David Lammy said in a

statement.

British authorities have repeatedly accused Moscow of

orchestrating malign activity, ranging from traditional

espionage and actions to undermine democracy, to sabotage and

assassinations.

Moscow has rejected such accusations, saying they are

politically motivated and that it poses no threat to Britain.

The Russian embassy in London did not immediately respond to a

request for comment.

Earlier this month, three men were convicted over an arson

attack on a Ukrainian-linked business in London which police

said was carried out at the behest of Russia's Wagner mercenary

group.

The European Union and NATO issued statements on Friday

condemning what they described as Russia's destabilising hybrid

activities.

'SOPHISTICATED MALWARE'

In its latest announcement, Britain said three Russian GRU

units - 29155, 26165 and 74455 - had targeted media outlets,

telecoms providers, political and democratic institutions, and

energy infrastructure in the United Kingdom and across Europe.

Among these incidents were an Estonian government hack in

2020, a cyberattack on the German Bundestag in 2015, the hacking

in 2016 of the U.S. Democratic National Committee and Democratic

Congressional Campaign Committee, and cyberattacks on the Paris

Olympics last year, Britain said.

The NCSC said a hacking group known as APT 28, part of GRU

unit 26165, had developed "sophisticated malware" it dubbed

"AUTHENTIC ANTICS" which tricks users of Microsoft ( MSFT ) cloud

accounts into entering their credentials into a login window

controlled by the hackers.

The NCSC did not say who had been targeted by the malware.

Representatives for Microsoft ( MSFT ) did not immediately respond to a

request for comment.

The British foreign ministry also said Unit 26165 had

conducted reconnaissance on the Mariupol Theatre in March 2022

ahead of air strikes that local officials said killed about 300

people. Russia denied deliberately targeting the theatre.

In addition to the GRU-focused sanctions, the ministry said

it was sanctioning three leaders of "African Initiative", which

it said was a Russian-funded social media content mill

conducting information operations in West Africa.

Britain has recently ramped up its military spending to help

change its approach to defence, partly to address threats from

Russia, nuclear risks and cyberattacks.