Bluedelta is a threat actor associated with the Russian state-sponsored hacking operation APT28 or Fancy Bear. In a recent spear-phishing campaign that began in November 2021, several government entities and a military aviation organization in Ukraine had their email servers targeted by Bluedelta. This was revealed by cybersecurity firm Recorded Future through their news site, The Record.
The Insikt Group assessed that Bluedelta's activity is likely intended to enable military intelligence-gathering to support Russia's invasion of Ukraine. They anticipate that Bluedelta will prioritize targeting Ukrainian government and private sector organizations to support wider Russian military efforts. Notably, Bluedelta has demonstrated a long-standing interest in gathering intelligence on entities in Ukraine and across Europe, primarily among government and military/defense organizations.
The Bluedelta campaign used spear-phishing techniques, sending emails with attachments that exploited vulnerabilities in Roundcube, a web-based email client, to run reconnaissance and exfiltration scripts. These scripts redirected incoming emails and gathered session cookies, user information, and address books. Notably, Bluedelta's Outlook and Roundcube spear-phishing infection chains overlap.
Description last updated: 2023-06-23T02:17:24.222Z