Russian state-backed hacking group BlueCharlie, also known as COLDRIVER, Calisto, or Star Blizzard/SEABORGIUM, has been establishing new attack infrastructure as it seeks to continue cyberespionage, credential theft, and hack-and-leak operations aimed at Ukraine and NATO nations, amid increasingly prevalent public disclosures regarding its activities, reports The Record, a news site by cybersecurity firm Recorded Future.
Aside from shifting from Porkbun to NameCheap for domain registrations, BlueCharlie has also transitioned to leveraging hyphenated words in URLs when posing as legitimate organizations in its latest intrusions, according to a report from Recorded Future's Insikt Group.
"This shift in tactics away from trailing URL structures to the new hyphenated, random-word naming convention has stymied the identification of victims and targeting by the group in this most recent campaign," said researchers.
The report also noted that BlueCharlie has included the MIRhosting, Perfect Quality Hosting, and Stark Industries platforms in its attack infrastructure, with attackers also conducting extensive reconnaissance through open sources.