GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns

May 31, 2024, 2:34 p.m.

Description

Throughout the three phases, BlueDelta used phishing emails, legitimate internet services (LIS), and living-off-the-land binaries (LOLBins) to extract intelligence from key networks across Europe. They have engaged in credential harvesting campaigns aimed at Yahoo and UKR.net users, as well as dedicated victim mail servers. BlueDelta’s recent operations have targeted the Ukrainian Ministry of Defence, Ukrainian weapons import and export companies, European railway infrastructure enterprises, and a think tank based in Azerbaijan. BlueDelta's espionage activities reflect a broader strategy aimed at gathering intelligence on entities with military significance to Russia in the context of its ongoing aggression against Ukraine. This focus is consistent with their objective of uncovering operational capabilities and potential vulnerabilities within Ukraine's defense sector.

Date

Published: May 31, 2024, 2:17 p.m.
Created: May 31, 2024, 2:17 p.m.
Modified: May 31, 2024, 2:34 p.m.

Indicators


Attack Patterns

Headlace

BlueDelta

T1102.003

T1111

T1056.003

T1583.006

T1102.001

T1583.001

T1608.001

T1132.001

T1608.005

T1564.003

T1059.005

T1497.001

T1059.003

T1059.001

T1566.002

T1059.007

T1566.001

T1033

Additional Information

Defense

NGO

Government

Azerbaijan

Ukraine