Carding
Security experts explained how to effectively protect yourself from the growing threat.
Recorded Future researchers have observed a surge in activity from the BlueCharlie cybercriminal group, whose hackers have registered 94 new domain names since March 2023. According to experts, the group is actively modifying its infrastructure in response to public disclosure of information about its activities.
The BlueCharlie group, also known as Blue Callisto, Callisto, COLDRIVER, Star Blizzard, and TA446, routinely conducts credential-stealing phishing attacks using fake login pages for companies, research labs, and various non-profit organizations.
According to Recorded Future, in the latest malware campaign, BlueCharlie changed its domain naming schemes to include keywords related to IT and cryptocurrencies. For example: "cloudrootstorage[.]com", "directexpressgateway[.]com", "storagecryptogate[.]com", and "pdfsecxcloudroute[.]com".
It is reported that 78 of the 94 new domains are registered with the domain name registrar NameCheap. Other registrars used include Porkbun and Regway.
Experts recommend that companies implement anti-phishing protection, disable macros in office applications, and change passwords regularly. Despite relying on generic methods, BlueCharlie remains a dangerous group that continues to evolve and innovate its tactics.
The emergence of new infrastructure suggests that the hackers monitor mentions of themselves in the media and try to make their activity harder to analyze. However, rapid detection of such changes allows security professionals to respond to threats in a timely manner.
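As an added example (not part of the original post or of Recorded Future's report), the keyword-stacking naming pattern described above can be turned into a triage heuristic for newly observed domains. The keyword list is an assumption derived only from the four example domains quoted in the post, and the registrable name is approximated as the second-to-last DNS label.

```python
import re

# Assumption: vocabulary taken only from the four example domains in the post.
# A real hunt would maintain a broader, curated IT/cryptocurrency keyword list.
KEYWORDS = {"cloud", "root", "storage", "direct", "express", "gateway",
            "crypto", "gate", "pdf", "sec", "route"}

def segment(label):
    """Best keyword cover of label: (characters covered, keywords used)."""
    best = [(0, 0)] * (len(label) + 1)
    for i in range(1, len(label) + 1):
        cand = best[i - 1]  # option: leave character i-1 uncovered
        for kw in KEYWORDS:
            if i >= len(kw) and label.startswith(kw, i - len(kw)):
                cov, n = best[i - len(kw)]
                new = (cov + len(kw), n + 1)
                # Prefer more coverage; on a tie, fewer (longer) keywords.
                if (new[0], -new[1]) > (cand[0], -cand[1]):
                    cand = new
        best[i] = cand
    return best[-1]

def score(domain):
    """Return (keyword_count, coverage) for a plain or defanged domain."""
    host = domain.lower().replace("[.]", ".").strip(".")
    parts = host.split(".")
    # Assumption: second-to-last label approximates the registrable name;
    # multi-part suffixes such as co.uk need a public-suffix lookup instead.
    label = re.sub(r"[^a-z]", "", parts[-2] if len(parts) >= 2 else parts[0])
    covered, n = segment(label)
    return n, (covered / len(label) if label else 0.0)

def flag(domains, min_keywords=3, min_coverage=0.8):
    """Domains whose name is mostly a stack of three or more keywords."""
    hits = []
    for d in domains:
        n, cov = score(d)
        if n >= min_keywords and cov >= min_coverage:
            hits.append(d)
    return hits

# Constructed sample: the four domains quoted in the post plus benign names.
OBSERVED = ["cloudrootstorage[.]com", "directexpressgateway[.]com",
            "storagecryptogate[.]com", "pdfsecxcloudroute[.]com",
            "cloudflare.com", "storage.googleapis.com", "example.org"]

if __name__ == "__main__":
    for d in flag(OBSERVED):
        print("review:", d, score(d))
```

A hit is a lead for review rather than an attribution, since generic IT keywords also appear in legitimate names; combining it with registration date and registrar data narrows the list.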