Scienza et MagiaAug 7, 2023

Hacker russi esifiltrano informazioni in Europa. BlueBravo, backdoor GraphicalProton contro l'UE: di cosa si tratta? Il gruppo di cybercriminali russi BlueBravo sta diffondendo GraphicalProton nel contesto europeo: ecco di cosa si tratta.
Il collettivo connesso con la Russia noto come BlueBravo ...

#backdoor #BlueBravo #CYBERCRIMINE #esfiltrareinformazioni #fileISO #fileZIP #GraphicalProton #Hackerrussi #phishing

https://scienzamagia.eu/misteri-ufo/hacker-russi-esifiltrano-informazioni-in-europa/

Hacker russi esifiltrano informazioni in Europa

BlueBravo, backdoor GraphicalProton contro l'UE: di cosa si tratta? Il gruppo di cybercriminali russi BlueBravo sta diffondendo GraphicalProton nel contesto eu

securityaffairsJul 28, 2023
Russian #APT #BlueBravo targets diplomatic entities with #GraphicalProton #backdoor
https://securityaffairs.com/148920/apt/bluebravo-graphicalproton-backdoor.html
#securityaffairs #hacking #malware
Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor

Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton Backdoor. The Russia-linked threat-state actor BlueBravo (aka APT29, Cloaked Ursa, and Midnight Blizzard, Nobelium) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor […]

Security Affairs
Julian-Ferdinand VögeleJul 28, 2023
My colleagues discovered new samples of the custom malware #GraphicalNeutrino and a new strain of malware with very similar characteristics named #GraphicalProton by #BlueBravo (a threat activity overlapping with #APT29 or Midnight Blizzard). For more details, also on how and which legitimate internet services (LIS) are increasingly being abuse, check out the report: https://go.recordedfuture.com/hubfs/reports/cta-2023-0727-1.pdf
Julian-Ferdinand VögeleJan 28, 2023
My colleagues identified staging infrastructure from #BlueBravo (activity overlapping with #APT29 and NOBELIUM) hosting #GraphicalNeutrino malware within a malicious ZIP file. Besides using a compromised website as part of the lure operation, the use of #Notion for C2 is particularly interesting: https://www.recordedfuture.com/bluebravo-uses-ambassador-lure-deploy-graphicalneutrino-malware
BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware | Recorded Future

Recorded Future's Insikt Group examines new activity from the Russian threat actor group, BlueBravo, targeting countries with a nexus to the Ukraine crisis.