The Insikt Group has identified evolving tactics used by the GRU’s BlueDelta, targeting European networks with Headlace malware and credential-harvesting web pages. BlueDelta’s operations spanned from April to December 2023, employing phishing, compromised internet services, and living off-the-land binaries to gather intelligence.
Their targets included Ukraine’s Ministry of Defence, European transportation infrastructure, and an Azerbaijani think tank, indicating Russia’s strategy to influence regional and military affairs.
Russia’s GRU continues its sophisticated cyber-espionage activities amid ongoing geopolitical tensions. According to Insikt Group, BlueDelta has methodically targeted key European networks with custom malware and credential harvesting techniques.
From April to December 2023, BlueDelta deployed the Headlace malware in three phases, using geofencing to focus on networks in Europe, particularly in Ukraine. The malware was disseminated through phishing emails that often mimicked legitimate communications. BlueDelta also exploited legitimate internet services (LIS) and living off-the-land binaries (LOLBins), blending their malicious activities into normal network traffic to evade detection.
A significant aspect of BlueDelta’s operations is its credential harvesting efforts. They targeted services such as Yahoo and UKR[.]net, employing ad
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: