uTalk

Official forum for Utopia Community

You are not logged in.

#1 2023-08-03 22:54:52

thrive
Member
Registered: 2023-01-04
Posts: 1,919

BlueCharlie, a Russian cyberterrorist, modifies infrastructure in resp

94 new domains have been connected to a Russa-nexus adversary, indicating that the organization is actively changing its infrastructure in response to information about its activities being made public.

The new infrastructure was connected to a threat actor known as BlueCharlie by cybersecurity firm Recorded Future. This hacking group also goes by the names Blue Callisto, Callisto (or Calisto), COLDRIVER, Star Blizzard (formerly SEABORGIUM), and TA446. Threat Activity Group 53 (TAG-53), a provisional name for BlueCharlie, was previously assigned.

According to a recent technical report shared with The Hacker News, the company, "These shifts demonstrate that these threat actors are aware of industry reporting and show a certain level of sophistication in their efforts to obfuscate or modify their activity, aiming to stymie security researchers.".

The threat actor BlueCharlie has been connected to phishing campaigns that target credential theft by using domains that pose as the login pages of private sector companies, nuclear research labs, and non-governmental organizations (NGOs) working to alleviate the Ukraine crisis. BlueCharlie is believed to be affiliated with Russia's Federal Security Service (FSB). It's reportedly been operational since at least 2017.

According to a statement made by Sekoia earlier this year, "Calisto collection activities probably contribute to Russian efforts to disrupt Kiev's supply-chain for military reinforcements.". Additionally, Russian intelligence gathering regarding evidence of war crimes is probably done in order to foresee and develop a defense against accusations in the future. ".


BlueCharlie.

Another NISOS report released in January 2023 revealed possible links between the group's attack infrastructure and a Russian firm that works with local governments.

Recorded Future stated that "BlueCharlie has carried out persistent phishing and credential theft campaigns that further enable intrusions and data theft," adding that the actor conducts thorough reconnaissance to increase the likelihood of its attacks' success.

According to the most recent research, BlueCharlie has adopted a new naming scheme for its domains that include words like cloudrootstorage[ that are connected to cryptocurrencies and information technology.
Com, directexpressgateway.
[.com, storagecryptogate.
]com, as well as pdfsecxcloudroute[. ]com.

According to reports, 78 of the 94 new domains were registered using NameCheap. Porkbun and Regway are a couple of the other domain registrars employed.

It is advised that organizations implement phishing-resistant multi-factor authentication (MFA), disable macros by default in Microsoft Office, and enforce a frequent password reset policy to reduce threats posed by state-sponsored advanced persistent threat (APT) groups.

"The group uses relatively common attack methods (such as the use of phishing and a historical reliance on open-source offensive security tools), but its likely continued use of these methods, determined posture, and progressive evolution of tactics suggests the group remains formidable and capable," the company stated.

Offline

Board footer

Powered by FluxBB