BlueCharlie Hacker Group Builds a 94-Domain Password Stealing Platform

Threat actors are evolving their techniques and tools at a rapid pace, and this is completely changing the current threat landscape.

BlueCharlie is a Russia-linked threat group that has been active since 2017 and is also tracked under several other names:-

  • Callisto
  • ColdRiver
  • Star Blizzard
  • TA446

This threat group, BlueCharlie (aka TAG-53), mainly focuses on espionage and hack-and-leak operations.

Recently, researchers at Recorded Future linked 94 new domains from March 2023 to BlueCharlie, indicating infrastructure modifications in response to public disclosures.

BlueCharlie’s evolved TTPs and reworked infrastructure show how the group adapts to public disclosures in order to improve its operational security.

At the moment, their current targets are unknown, but their past targets are the following:-

  • Government
  • Defense
  • Education
  • Political sectors
  • NGOs
  • Journalists
  • Think tanks

Figure: Breakdown of terms used in BlueCharlie activity (Source – Recorded Future)

BlueCharlie Hacker Group New Infrastructure

Recorded Future’s Insikt Group reports that the 94 new domains and the changed TTPs mark an evolution in response to industry disclosures, and that the new infrastructure is likely intended for phishing or credential harvesting.

Moreover, the Insikt Group has tracked BlueCharlie since September 2022 and has witnessed multiple drastic TTP shifts in that time.

Major shifts like these indicate the threat actors’ awareness of the security industry and a sophisticated use of obfuscation to hinder cybersecurity researchers.

BlueCharlie adopts a new domain naming pattern with IT and crypto-related keywords like:-

  • cloudrootstorage[.]com
  • directexpressgateway[.]com
  • storagecryptogate[.]com
  • pdfsecxcloudroute[.]com
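As an added detection example (not code from the article or from Recorded Future), the following Python flags queried domains whose second-level label is almost entirely a concatenation of IT and crypto keywords, the naming pattern shared by the four domains above, and applies it to a few constructed DNS log lines. The keyword list, the thresholds, the log format and the sample lines are all illustrative assumptions, so the check generalises the pattern rather than matching only the names listed here.

```python
import re
from typing import List, Tuple

# Keyword families behind the IT- and crypto-themed names quoted above; the list is an
# illustrative assumption, not a vetted indicator set.
KEYWORDS = {"cloud", "storage", "gateway", "gate", "root", "route", "express", "direct",
            "secure", "sec", "pdf", "drive", "sync", "share",
            "crypto", "coin", "wallet", "token", "chain", "block"}
MIN_HITS, MIN_COVERAGE = 3, 0.8   # >=3 keyword segments covering >=80% of the label

def segment_label(label: str) -> Tuple[List[str], float]:
    """Greedy longest-keyword-first segmentation; returns hits and fraction covered."""
    hits, covered, i = [], 0, 0
    while i < len(label):
        match = max((k for k in KEYWORDS if label.startswith(k, i)), key=len, default=None)
        if match is None:
            i += 1              # unexplained char, e.g. the 'x' in pdfsecxcloudroute
            continue
        hits.append(match)
        covered += len(match)
        i += len(match)
    return hits, (covered / len(label) if label else 0.0)

def score_domain(domain: str) -> Tuple[List[str], float]:
    """Score the second-level label of a (possibly defanged) domain.
    Assumes a name.tld shape; public-suffix handling is out of scope."""
    labels = domain.lower().replace("[.]", ".").strip(".").split(".")
    return segment_label(labels[-2] if len(labels) >= 2 else labels[0])

def is_suspicious(domain: str) -> bool:
    hits, coverage = score_domain(domain)
    return len(hits) >= MIN_HITS and coverage >= MIN_COVERAGE

# Constructed DNS log lines in a simple key=value shape (not real telemetry).
SAMPLE_LOG = """\
2023-03-14T10:02:11Z host=ws-017 query=cloudrootstorage.com rcode=NOERROR
2023-03-14T10:02:13Z host=ws-017 query=login.microsoftonline.com rcode=NOERROR
2023-03-14T10:05:40Z host=ws-022 query=pdfsecxcloudroute.com rcode=NOERROR
2023-03-14T10:06:02Z host=ws-022 query=cloudflare.com rcode=NOERROR
2023-03-14T10:09:55Z host=ws-031 query=storagecryptogate.com rcode=NOERROR
"""
QUERY_RE = re.compile(r"\bquery=(\S+)")

def flag_queries(log_text: str) -> List[str]:
    """Return queried domains whose naming fits the keyword-concatenation pattern."""
    return [m.group(1) for m in map(QUERY_RE.search, log_text.splitlines())
            if m and is_suspicious(m.group(1))]
```

A single keyword such as the "cloud" in cloudflare.com is deliberately not enough to flag a name; the heuristic is a triage aid for newly observed domains, not a blocklist.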

Out of the 94 new domains, 78 were registered via NameCheap, and the others were registered through the following registrars:-

  • Porkbun
  • Regway

Recommendations

The security researchers offer the following recommendations:-

  • Network defenders should improve their phishing defenses.
  • Implement FIDO2-compliant multi-factor authentication.
  • Use threat intelligence and reporting.
  • Educate third-party vendors.
  • Disable macros by default in Microsoft Office.
  • Implement a frequent password reset policy.

Source: https://cybersecuritynews.com/bluecharlie-hacker-group-infrastructure/
