Bluedelta

Threat Actor Profile Updated 13 days ago
Bluedelta is a threat actor associated with the Russian state-sponsored hacking operation APT28, also known as Fancy Bear. In a spear-phishing campaign that began in November 2021, Bluedelta targeted the email servers of several Ukrainian government entities and a military aviation organization. This was revealed by the cybersecurity firm Recorded Future through its news site, The Record. Recorded Future's Insikt Group assessed that Bluedelta's activity is likely intended to enable military intelligence gathering in support of Russia's invasion of Ukraine, and anticipates that Bluedelta will continue to prioritize Ukrainian government and private sector organizations in support of wider Russian military efforts. Bluedelta has demonstrated a long-standing interest in collecting intelligence on entities in Ukraine and across Europe, primarily government and military/defense organizations. The campaign used spear-phishing emails carrying attachments that exploited vulnerabilities in Roundcube, a web-based email client, to run reconnaissance and exfiltration scripts. These scripts redirected incoming emails and collected session cookies, user information, and address books. Notably, the BlueDelta Outlook and Roundcube spear-phishing infection chains overlap.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Bluedelta threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Recorded Future | a year ago | BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future
CERT-EU | a year ago | Ukrainian email servers subjected to Russian APT cyberespionage operation