"Russia-Based Hackers Building New Attack Infrastructure to Stay Ahead of Public Reporting"
Due to increased public reporting by security researchers and technology companies such as Microsoft and Google, a Russia-based hacking group connected to previous attacks on governments is shifting tactics. According to a report from Recorded Future, the group tracked as BlueCharlie has established new infrastructure since March 2023 to launch attacks against various targets. BlueCharlie aims to collect information, steal credentials, and conduct hack-and-leak operations against Ukraine and North Atlantic Treaty Organization (NATO) nations. Several companies track the group as Calisto, COLDRIVER, or Star Blizzard/SEABORGIUM. It has previously targeted government, higher education, defense, and political sector organizations, as well as non-governmental organizations (NGOs), activists, journalists, think tanks, and national laboratories. Recorded Future's Insikt Group could not determine who was targeted in this campaign but said it has observed the group register 94 new domains as part of its new infrastructure building. According to the researchers, several tactics, techniques, and procedures (TTPs) observed in BlueCharlie's current operation deviate from previous activity, suggesting that the group is evolving its operations in response to public disclosures of its activities. This article continues to discuss recent findings and observations regarding BlueCharlie.