BlueDelta’s Persistent Campaign Against UKR.NET

Pulse ID: 694b7812e882b4345a4d3a34
Pulse Link: https://otx.alienvault.com/pulse/694b7812e882b4345a4d3a34
Pulse Author: Tr1sa111
Created: 2025-12-24 05:20:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NET #OTX #OpenThreatExchange #UK #Ukr #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

BlueDelta’s Persistent Campaign Against UKR.NET

Pulse ID: 6943a5a76c7e0f7147e019ed
Pulse Link: https://otx.alienvault.com/pulse/6943a5a76c7e0f7147e019ed
Pulse Author: Tr1sa111
Created: 2025-12-18 06:56:39

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NET #OTX #OpenThreatExchange #UK #Ukr #bot #Tr1sa111

BlueDelta’s Persistent Campaign Against UKR.NET

Pulse ID: 69439349843fc33b8cb09231
Pulse Link: https://otx.alienvault.com/pulse/69439349843fc33b8cb09231
Pulse Author: Tr1sa111
Created: 2025-12-18 05:38:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NET #OTX #OpenThreatExchange #UK #Ukr #bot #Tr1sa111

BlueDelta’s Persistent Campaign Against UKR.NET

Between June 2024 and April 2025, a sustained credential-harvesting campaign targeting UKR.NET users was identified, attributed to the Russian state-sponsored threat group BlueDelta. The group deployed multiple credential-harvesting pages themed as UKR.NET login portals, leveraging free web services and proxy tunneling platforms to collect user credentials. BlueDelta distributed PDF lures with embedded links to evade detection. The campaign demonstrates the group's adaptability and persistent focus on Ukrainian user credentials for intelligence purposes. Infrastructure changes, including the transition to ngrok and Serveo, reflect responses to takedown efforts. The activity highlights the GRU's continued interest in compromising Ukrainian credentials amid ongoing conflict.

Pulse ID: 69430d7dd15ada5cf6e88f2e
Pulse Link: https://otx.alienvault.com/pulse/69430d7dd15ada5cf6e88f2e
Pulse Author: AlienVault
Created: 2025-12-17 20:07:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NET #OTX #OpenThreatExchange #PDF #Proxy #RAT #Russia #UK #Ukr #Ukrainian #bot #AlienVault

#news ⚡ Dispute in the EU Parliament over committee trip to Ukraine: There is a dispute in the EU Parliament over a planned trip to Ukraine by the defence committee. As "Der Spiegel" reports, there... https://hubu.de/?p=307252 | #ausschussreise #euparlament #streit #ukr
Dispute in the EU Parliament over committee trip to Ukraine - Hubu.de - News & FreeMail

There is a dispute in the EU Parliament over a planned trip to Ukraine by the defence committee.

Hubu.de - News & FreeMail

Russian APT actor phishes the Baltics and the Balkans

A Russian Advanced Persistent Threat (APT) group has been targeting government entities in the Baltic and Balkan regions with sophisticated phishing campaigns. The attackers use email attachments spoofing official documents to lure victims into entering their credentials on fake login pages. The phishing pages employ blurred background images and complex password validation mechanisms. Stolen credentials are sent to a third-party service, even if they don't meet the specified complexity requirements. This campaign has been active since at least 2023, with various lures tailored to specific government targets in countries such as Moldova, Ukraine, Lithuania, Bosnia and Herzegovina, Macedonia, Montenegro, Spain, and Bulgaria.

Pulse ID: 69412b5a6b1d0f96c4b1cbba
Pulse Link: https://otx.alienvault.com/pulse/69412b5a6b1d0f96c4b1cbba
Pulse Author: AlienVault
Created: 2025-12-16 09:50:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bulgaria #CyberSecurity #Email #Government #ICS #InfoSec #Mac #OTX #OpenThreatExchange #Password #Phishing #Russia #SMS #Spain #UK #Ukr #Ukraine #Word #bot #AlienVault

Investigating the Infrastructure Behind DDoSia's Attacks

DDoSia, a participatory DDoS tool created by Russian hacktivists in 2022, is operated by the pro-Russian group NoName057(16). It relies on volunteers to contribute network resources for attacks, primarily targeting Ukraine, European allies, and NATO states. Censys has monitored DDoSia since mid-2025, observing an average of 6 control servers with short lifespans. The tool uses a multi-layered control infrastructure, with systems typically hosted on VPS providers. Despite law enforcement disruption in July 2025, DDoSia quickly reconstituted and resumed operations. The infrastructure is characterized by rapid changes, with most servers active for less than 24 hours. Attacks focus on government, military, transportation, public utilities, financial, and tourism sectors.

Pulse ID: 69412b5c6fb2a99780607ae9
Pulse Link: https://otx.alienvault.com/pulse/69412b5c6fb2a99780607ae9
Pulse Author: AlienVault
Created: 2025-12-16 09:50:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Censys #CyberSecurity #DDoS #DDoSia #DoS #Europe #Government #Hacktivist #InfoSec #LawEnforcement #Military #NATO #NoName057 #NoName05716 #OTX #OpenThreatExchange #RAT #RCE #Russia #UK #Ukr #Ukraine #bot #AlienVault

#news ⚡ Kiesewetter expects Ukraine talks to bring a close alliance: CDU foreign policy politician Roderich Kiesewetter expects the Ukraine talks in Berlin to bring a closer coming together between the Euro... https://hubu.de/?p=307051 | #kiesewetter #schulterschluss #ukr
Kiesewetter expects Ukraine talks to bring a close alliance - Hubu.de - News & FreeMail

CDU foreign policy politician Roderich Kiesewetter expects the Ukraine talks in Berlin to bring the Europeans, Ukraine and the USA closer together. "I definitely expect this meeting to lead to Europeans, together with Ukraine, and the USA seeking a very close alliance, and to there being a position that Putin can no longer get around," Kiesewetter said on Monday on the ntv programme "Pinar Atalay". The key to success does lie with Russian President Vladimir Putin, he said, but Ukraine has shown that it does not throw certain principles overboard.

Hubu.de - News & FreeMail
petition.parliament.uk/petitions/74... We believe recent events underscore the urgency of this issue.” #UKR #USA #RUS #UK

Petition: Call a public inquiry into Russian influence on UK politics & democracy

We are concerned about reported efforts from Russia to influence democracy in the US, UK, Europe and elsewhere. We believe we must establish the depth and breadth of possible Russian influence campaigns in the UK.

Petitions - UK Government and Parliament

Unmanned aerial vehicles (UAVs) believed to be Ukrainian attacked Moscow, forcing Russian air defences to shoot down at least 10 devices. Moscow Mayor Sergey Sobyanin confirmed the incident, as the fighting continues to escalate. In a related development, a British volunteer soldier was killed in Ukraine; the identity has not been disclosed. The prolonged Russia-Ukraine tension continues to attract global attention.

#UAV #Moscow #Ukraine #Nga #Anh #xungdot #the gioi #droneattack #Russia #Ukr