
GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns

May 31, 2024, 2:34 p.m.

Description

Throughout the three phases, BlueDelta used phishing emails, legitimate internet services (LIS), and living-off-the-land binaries (LOLBins) to extract intelligence from key networks across Europe. They have engaged in credential harvesting campaigns aimed at Yahoo and UKR.net users, as well as at dedicated victim mail servers. BlueDelta’s recent operations have targeted the Ukrainian Ministry of Defence, Ukrainian weapons import and export companies, European railway infrastructure enterprises, and a think tank based in Azerbaijan. BlueDelta's espionage activities reflect a broader strategy aimed at gathering intelligence on entities with military significance to Russia in the context of its ongoing aggression against Ukraine. This focus is consistent with their objective of uncovering operational capabilities and potential vulnerabilities within Ukraine's defense sector.

Date

Published: May 31, 2024, 2:17 p.m.

Created: May 31, 2024, 2:17 p.m.

Modified: May 31, 2024, 2:34 p.m.

Indicators


Attack Patterns

Headlace

BlueDelta

T1102.003

T1111

T1056.003

T1583.006

T1102.001

T1583.001

T1608.001

T1132.001

T1608.005

T1564.003

T1059.005

T1497.001

T1059.003

T1059.001

T1566.002

T1059.007

T1566.001

T1033

Additional Information

Defense

NGO

Government

Azerbaijan

Ukraine