GRU-Linked BlueDelta Evolves Credential Harvesting
Summary
Insikt Group has discovered that BlueDelta, a threat actor linked to the GRU, has evolved its credential-harvesting campaigns. The group is targeting government, energy, and research organizations located across Europe and Eurasia. The report details the group's tactics, techniques, and procedures (TTPs).
IFF Assessment
The evolution of a GRU-linked group's credential harvesting techniques poses an increased threat to targeted organizations.
Severity
Defender Context
Defenders need to be aware of the evolving TTPs employed by BlueDelta, particularly those related to credential harvesting. Organizations in government, energy, and research sectors across Europe and Eurasia should prioritize monitoring for suspicious login attempts and implement multi-factor authentication where possible. Tracking known GRU-linked activity and adapting defenses accordingly is crucial.