GRU-Linked BlueDelta Evolves Credential Harvesting Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.

Today, we released new @RecordedFuture research detailing BlueDelta’s expanded credential-harvesting activity observed between February and September 2025. #BlueDelta #APT28 #FANCYBEAR #ForestBlizzard #FROZENLAKE #ITG05 #PawnStorm #Sednit #Sofacy #TA422 (1/5) www.recordedfuture.com/research/gru...

BlueDelta’s Persistent Campaign Against UKR.NET Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.

Today, we released new @RecordedFuture research detailing BlueDelta’s sustained credential-harvesting campaign targeting UKR.NET users between June 2024 and April 2025. www.recordedfuture.com/research/blu...
#BlueDelta #APT28 #FANCYBEAR #ForestBlizzard #FROZENLAKE #PawnStorm #Sednit #Sofacy (1/5)

APT28 Operation Phantom Net Voxel APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

Great work by Sekoia uncovering new #BlueDelta #APT28 #Sofacy #FancyBear #ForestBlizzard #TAG110 malware samples. Linked to CERT-UA’s BeardShell & Covenant frameworks + revealed fresh weaponized docs & subtle TTPs. Activity ties to Russia-nexus ops incl. Double-Tap. blog.sekoia.io/apt28-operat...

UK uncovers novel Microsoft snooping malware, blames GRU : Fancy Bear can't keep its claws out of Outlook inboxes

UK uncovers novel #Microsoft snooping #malware, blames and sanctions GRU cyberspies
www.theregister.com/2025/07/20/u...

UK govt warns that Russia's #APT28 (aka #FancyBear or #ForestBlizzard) harvesting email credentials & stealing access to accounts.
#CyberSecurity #InfoSec #CyberCrime

#CybersecurityAwareness
#TechniquesTacticsProcedures
#TTPs
#BestPractices
#CybersecurityAdvisory

#EDR
#EndpointDetectionAndResponse
#IndicatorsOfCompromise
#IOCs
#ReconnaissanceActivities
#Unit26165
#APT28
#FancyBear
#ForestBlizzard
#BlueDelta

#CSOLife

This 👇 💯❗️📣⚠️

Windows vulnerability reported by the NSA exploited to install Russian malware Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.

Kremlin-backed hackers have been exploiting a Microsoft vulnerability for 4 years to target a vast array of organizations with a previously undocumented tool

#Microsoft #ForestBlizzard #Windows #russia #russian #malware #security #cybersecurity #hacking #hacked

arstechnica.com/security/202...