Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users

Source: The Record

Russian state-backed hackers have run a months-long phishing campaign against users of UKR.NET, a popular Ukrainian webmail and news service, in an effort to harvest credentials and gather intelligence. The operation — active from Ju. 2024 through Apr. 2025 — was attributed to BlueDelta, also known as APT28, Fancy Bear or Forest Blizzard, according to a report published Dec. 17 by Recorded Future’s Insikt Group. Researchers said the campaign likely aimed to collect sensitive information from Ukrainian users in support of broader Russian intelligence objectives. Insikt observed the hackers setting up multiple fake login pages designed to mimic UKR.NET’s authentication portal. Victims were lured through phishing emails containing PDF attachments with embedded links to the fraudulent pages. Full Story