Throughout the three phases, BlueDelta used phishing emails, legitimate internet services LIS, and living off-the-land binaries LOLBins) to extract intelligence from key networks across Europe. They have engaged in credential harvesting campaigns aimed at Yahoo and UKR.]net users, as well as dedicated victim mail servers. BlueDelta’s recent operations have targeted the Ukrainian Ministry of Defence, Ukrainian weapons import and export companies, European railway infrastructure enterprises, and a think tank based in Azerbaijan. BlueDelta’s espionage activities reflect a broader strategy aimed at gathering intelligence on entities with military significance to Russia in the context of its ongoing aggression against Ukraine. This focus is consistent with their objective to uncover operational capabilities and potential vulnerabilities within Ukraine’s defense sector.

Click for details (pdf file).