Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

The Russian state-sponsored group tracked as APT28 (also known as BlueDelta) has been running targeted credential-harvesting campaigns against organizations across Europe (including North Macedonia), Turkey, and Uzbekistan. The campaigns combine phishing lures with legitimate third-party hosting and tunneling services to collect credentials in support of Russian intelligence collection. #APT28 #BlueDelta #GRU #CredentialHarvesting #PhishingAttacks

Key points

  • APT28, also known as BlueDelta, is behind recent credential-harvesting campaigns against organizations in the energy and policy sectors.
  • The attacks use fake login pages that spoof Microsoft Outlook Web Access (OWA), Google, and Sophos VPN portals.
  • The actors abuse legitimate services (webhook.site for capturing submitted form data, InfinityFree for free web hosting, ngrok for tunneling) to host the phishing pages and receive the stolen credentials, so the infrastructure does not stand out by domain reputation alone.
  • Phishing emails carry shortened links; the redirect chain lands the victim on a decoy document together with a spoofed login page.
  • These campaigns show Russian intelligence operations continuing to harvest credentials at low cost and with little bespoke infrastructure.
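The key points above describe a detectable pattern: a shortened link, a spoofed login page on a free-hosting or tunnel domain, and a form submission to a request-capture service. The following detection script is an added example written for this page, not code from the article or from any vendor; the proxy log lines are constructed, and the lists of abused-service domains and URL shorteners are assumptions to be replaced with your own intelligence.

```python
"""Hunt for proxy-log hits on legitimate services abused to host phishing
pages and receive stolen credentials (webhook.site, InfinityFree, ngrok),
and for the URL-shortener-to-phish redirect chain.

Added example for this page. Sample log lines are constructed; the domain
lists are assumptions, not data from the article.
"""
import re
from dataclasses import dataclass, field

# Assumed service domains; suffix match so subdomains (tunnels, free sites) hit.
SUSPECT_SUFFIXES = {
    "webhook.site": "exfil-endpoint",      # request-capture service
    "ngrok.io": "tunnel",
    "ngrok.app": "tunnel",
    "ngrok-free.app": "tunnel",
    "ngrok.dev": "tunnel",
    "infinityfreeapp.com": "free-hosting",
    "rf.gd": "free-hosting",
    "epizy.com": "free-hosting",
    "great-site.net": "free-hosting",
}
# Assumed list of URL shorteners used as the first hop of a lure.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.ly", "cutt.ly"}

# Squid-like line: "<epoch> <client> <method> <url> <status> <bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\b"
)


@dataclass
class Finding:
    ts: float
    client: str
    method: str
    host: str
    severity: str
    reasons: list = field(default_factory=list)


def host_of(url: str) -> str:
    """Return the lowercased hostname of an absolute URL ('' if none)."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def classify_host(host: str):
    """Map a hostname to a suspect-service kind, or None if not listed."""
    for suffix, kind in SUSPECT_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return kind
    return None


def analyze(log_text: str, chain_window: float = 120.0) -> list:
    """Flag hits on suspect services; raise severity for a POST to a
    request-capture endpoint or for a hit shortly after a shortener click."""
    findings = []
    last_shortener = {}  # client -> timestamp of its most recent shortener hit
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, method = float(m["ts"]), m["client"], m["method"]
        host = host_of(m["url"])
        if host in SHORTENERS:
            last_shortener[client] = ts   # remember the first hop of a lure
            continue
        kind = classify_host(host)
        if kind is None:
            continue
        f = Finding(ts, client, method, host, "medium", [f"{kind} host {host}"])
        if kind == "exfil-endpoint" and method == "POST":
            f.severity = "high"
            f.reasons.append("POST to request-capture service (possible credential exfiltration)")
        prev = last_shortener.get(client)
        if prev is not None and 0 <= ts - prev <= chain_window:
            f.severity = "high"
            f.reasons.append("reached within %ds of a URL-shortener redirect" % chain_window)
        findings.append(f)
    return findings


# Constructed sample traffic: one client follows a shortened lure to a spoofed
# OWA page on free hosting, and that page posts the form to webhook.site; a
# second client merely browses an ngrok tunnel with no lure in front of it.
SAMPLE_LOG = """\
1767225600.123 10.0.4.17 GET https://mail.example.com/owa/ 200 5120
1767225612.400 10.0.4.17 GET https://bit.ly/3xAbCdE 302 0
1767225613.010 10.0.4.17 GET https://owa-login.infinityfreeapp.com/index.html 200 8210
1767225640.550 10.0.4.17 POST https://webhook.site/example-token 200 120
1767225700.000 10.0.9.3 GET https://docs.example.com/policy.pdf 200 90210
1767225705.300 10.0.9.3 GET https://dev-demo.ngrok-free.app/ 200 1500
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.severity:6} {f.client} {f.method:4} {f.host}: {'; '.join(f.reasons)}")
```

On the constructed sample the script raises two high-severity findings for 10.0.4.17 (the free-hosting page reached right after the shortener click, then the POST to webhook.site) and one medium finding for the bare ngrok hit. Suffix matching on the host is deliberate: the attacker controls the subdomain on these services, so matching exact hostnames would miss every new page they stand up.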

Read More: https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html