
BlueDelta Evolves Credential Harvesting

Published 08/01/2026 11:41 · Modified 08/01/2026 12:44


Essential information

Published
08/01/2026 11:41
Modified
08/01/2026 12:44
Tags
2026-01-08, credential harvesting, phishing, tunneling services
Related entities
2 observables, 1 intrusion set (APT), 10 others

Description

Between February and September 2025, BlueDelta, a Russian state-sponsored threat group linked to the GRU, conducted multiple credential-harvesting campaigns. The group targeted individuals associated with energy research, defense cooperation, and government communication networks in Turkey, Europe, North Macedonia, and Uzbekistan. BlueDelta impersonated legitimate webmail and VPN services, using free hosting and tunneling services to host the phishing content and capture user credentials. The campaigns incorporated PDF lures and customized JavaScript to increase the authenticity of the pages and the operational efficiency of the collection. This activity demonstrates BlueDelta's continued focus on low-cost, high-yield methods for collecting information in support of Russian intelligence objectives.

External references