VERY IMPORTANT

Between February and September 2025, BlueDelta, a Russian state-sponsored threat group linked to the GRU, conducted multiple credential-harvesting campaigns. The group targeted individuals associated with energy research, defense cooperation, and government communication networks in Turkey, Europe, North Macedonia, and Uzbekistan. BlueDelta impersonated legitimate webmail and VPN services, using free hosting and tunneling services to host phishing content and capture user data. The campaigns incorporated PDF lures and customized JavaScript to increase authenticity and operational efficiency. This activity demonstrates BlueDelta's continued focus on low-cost, high-yield methods for collecting information supporting Russian intelligence objectives.