"We previously tracked this threat activity under the temporary designator TAG-53. We are now graduating this threat cluster to the cryptonym 'BlueCharlie' due to overlapping tactics, techniques, and procedures (TTPs) and our increased confidence that the activities we have observed are conducted by a Russia-based threat actor."
Insikt Group has observed BlueCharlie build new infrastructure, which includes 94 new domains.
Several of the TTPs currently seen in the recent operation depart from past activity, suggesting that BlueCharlie is evolving its operations, potentially in response to public disclosures of its operations in industry reporting. Since Insikt Group’s initial tracking of the group in September 2022, they have observed BlueCharlie engage in several TTP shifts. These shifts demonstrate that these threat actors are aware of industry reporting and show a certain level of sophistication in their efforts to obfuscate or modify their activity, aiming to stymie security researchers. Some of the changes in TTPs were also likely precipitated by the threat group’s increased awareness of operations security (OPSEC).
While Insikt Group was unable to determine victimology or targeting for this campaign at the time of this report, BlueCharlie has in the past targeted entities in the government, higher education, defense, and political sectors, as well as non-governmental organizations (NGOs), activists, journalists, think tanks, and national laboratories.
Potential victims in those sectors should improve their phishing defenses, implement FIDO2-compliant multi-factor authentication, use threat intelligence and attack surface intelligence for rapid and complete information, and educate third-party vendors on the risks involved. Failure to do so may result in the loss of credentials to business-critical resources, the leaking of proprietary information related to business or national security, and damage to brand reputation from suffering a breach.