Bluedelta

Threat Actor updated 15 days ago (2024-11-29T14:26:26.601Z)
BlueDelta is a threat actor associated with the Russian state-sponsored hacking operation APT28, also known as Fancy Bear. In a spear-phishing campaign that began in November 2021, BlueDelta targeted the email servers of several Ukrainian government entities and a military aviation organization. This was revealed by cybersecurity firm Recorded Future through its news site, The Record. Recorded Future's Insikt Group assessed that BlueDelta's activity is likely intended to enable military intelligence-gathering in support of Russia's invasion of Ukraine, and anticipates that BlueDelta will prioritize Ukrainian government and private sector organizations to support wider Russian military efforts. BlueDelta has demonstrated a long-standing interest in gathering intelligence on entities in Ukraine and across Europe, primarily government and military/defense organizations. The campaign used spear-phishing emails whose attachments exploited vulnerabilities in Roundcube, a web-based email client, to run reconnaissance and exfiltration scripts. These scripts redirected incoming emails and gathered session cookies, user information, and address books. Notably, BlueDelta's Outlook and Roundcube spear-phishing infection chains overlap.
Description last updated: 2023-06-23T02:17:24.222Z
Aliases: We are not currently tracking any aliases.