A Russian state-sponsored hacking group, BlueDelta, has launched sophisticated credential-harvesting attacks targeting energy research and government organizations across Europe and the Middle East. They utilize legitimate web services and impersonate trusted portals to stealthily steal login information, reflecting a strategic evolution in their cyber espionage tactics. #BlueDelta #GRU
Keypoints
- BlueDelta is a Russian hacking group affiliated with the GRU that conducts cyber espionage operations.
- The group's recent campaign focused on high-value targets in energy, nuclear research, and government sectors in Europe and the Middle East.
- They use legitimate web services and fake login pages to hide their credential-harvesting activities.
- BlueDelta employs customized JavaScript and disposable infrastructure like ngrok and Webhook.site to automate and conceal attacks.
- Organizations in critical sectors should monitor for unauthorized traffic to free hosting platforms and for advanced intrusion indicators.
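The monitoring step in the last key point can be sketched as a proxy-log check for the two services named above. This is an added example, not taken from the report: the log format, the sample lines and the function names are constructed, and the domain list is an assumption based on the public domains of ngrok and Webhook.site.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: public domains of the services named on this page (not a list from the report).
WATCHED_SUFFIXES = {
    "ngrok.io": "ngrok", "ngrok.app": "ngrok", "ngrok.dev": "ngrok",
    "ngrok-free.app": "ngrok", "webhook.site": "Webhook.site",
}

# Constructed sample proxy log: timestamp client method url status
SAMPLE_LOG = """\
2025-01-10T08:01:12Z 10.0.4.17 GET https://intranet.example.org/portal 200
2025-01-10T08:02:40Z 10.0.4.17 GET https://a1b2c3.ngrok-free.app/login 200
2025-01-10T08:02:55Z 10.0.4.17 POST https://a1b2c3.ngrok-free.app/submit 200
2025-01-10T08:03:01Z 10.0.4.17 POST https://webhook.site/00000000-0000-0000-0000-000000000000 200
2025-01-10T09:15:30Z 10.0.7.3 GET https://notngrok.io/index.html 200
2025-01-10T09:16:02Z 10.0.7.3 GET https://WEBHOOK.SITE./ 200
malformed line
"""

def classify_host(host):
    """Return the service name if host is a watched domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")  # normalise case and trailing root dot
    for suffix, service in WATCHED_SUFFIXES.items():
        # Match on a label boundary so "notngrok.io" is not treated as ngrok.
        if host == suffix or host.endswith("." + suffix):
            return service
    return None

def find_hits(log_text):
    """Parse the constructed log format and return one record per watched request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, method, url, _status = parts
        service = classify_host(urlsplit(url).hostname)
        if service:
            hits.append({"time": ts, "client": client, "method": method, "service": service})
    return hits

def summarize(hits):
    """Per client: request count, POST count (possible form submissions), services seen."""
    out = defaultdict(lambda: {"requests": 0, "posts": 0, "services": set()})
    for h in hits:
        entry = out[h["client"]]
        entry["requests"] += 1
        entry["posts"] += h["method"] == "POST"
        entry["services"].add(h["service"])
    return dict(out)
```

Both services also have ordinary developer uses, so a hit is a lead for triage against the client's role rather than a confirmed compromise.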