Official forum for Utopia Community
You are not logged in.
A Russa-nexus adversary has links to 94 new domains, which suggests that the organization is actively changing its infrastructure in response to information being made public about its operations.
The new infrastructure was linked by the cybersecurity company Recorded Future to a threat actor it monitors under the name BlueCharlie, a hacking group also known as Blue Callisto, Callisto (or Calisto), COLDRIVER, Star Blizzard (formerly SEABORGIUM), and TA446. Threat Activity Group 53 (TAG-53), a provisional name for BlueCharlie, was previously assigned.
The company stated in a recent technical report shared with The Hacker News that "these shifts demonstrate that these threat actors are aware of industry reporting and show a certain level of sophistication in their efforts to obfuscate or modify their activity, aiming to stymie security researchers.".
According to assessments, BlueCharlie is connected to Russia's Federal Security Service (FSB). The threat actor has been involved in phishing campaigns that target credential theft by using domains that impersonate the login pages of private sector businesses, nuclear research facilities, and non-governmental organizations (NGOs) working to alleviate the Ukraine crisis. It's reportedly been operational since at least 2017.
Sekoia noted earlier this year that "calisto collection activities probably contribute to Russian efforts to disrupt Kiev's supply-chain for military reinforcements.". Furthermore, Russian intelligence gathering on evidence related to war crimes is probably done to prepare a defense against potential accusations. ".
BlueCharlie.
NISOS released another report in January 2023 that suggested there might be ties between the group's attack infrastructure and a Russian firm that works with the country's government.
Recorded Future stated that "BlueCharlie has carried out persistent phishing and credential theft campaigns that further enable intrusions and data theft," adding that the actor conducts thorough reconnaissance to increase the likelihood of its attacks' success.
The most recent discoveries demonstrate that BlueCharlie has adopted a new naming pattern for its domains that include terms associated with cryptocurrencies and information technology, such as cloudrootstorage[.
DirectExpressGateway, ]com.
]com, storagecryptogate [.
[pdfsecxcloudroute] and [com. ]com.
One source claims that NameCheap was used to register 78 of the 94 new domains. Porkbun and Regway are a few of the additional domain registrars used.
It is advised that organizations implement phishing-resistant multi-factor authentication (MFA), disable macros by default in Microsoft Office, and enforce a frequent password reset policy to reduce threats posed by state-sponsored advanced persistent threat (APT) groups.
"The group uses relatively common attack methods (such as the use of phishing and a historical reliance on open-source offensive security tools), but its likely continued use of these methods, determined posture, and progressive evolution of tactics suggests the group remains formidable and capable," the company said.
Offline