BlueBravo Targets European Diplomats with GraphicalProton Backdoor July 28, 2023 Cyber Espionage / Malware The Russian state-sponsored group known as BlueBravo has been detected attacking diplomatic entities in Eastern Europe with the intent of deploying a new backdoor malware dubbed GraphicalProton. This move highlights the ongoing evolution of cyber threats, according to a recent report from Recorded Future. The phishing campaign, active from March to May 2023, employs legitimate internet services (LIS) to obscure command-and-control (C2) activities. BlueBravo, also referred to as APT29, Cloaked Ursa, and Midnight Blizzard (formerly Nobelium), is linked to Russia’s Foreign Intelligence Service (SVR) and has historically utilized platforms like Dropbox, Firebase, Google Drive, Notion, and Trello to bypass detection and maintain covert communication with compromised systems. GraphicalProton marks the latest in a series of malware targeting diplomatic organizations, following GraphicalNeutrino (SNOWYAMBER), HALFRIG, and QUARTERRIG.
BlueBravo Deploys GraphicalProton Backdoor Targeting European Diplomatic Entities On July 28, 2023, reports emerged detailing a sophisticated cyber espionage campaign orchestrated by the Russian state-sponsored group known as BlueBravo. This threat actor has turned its focus towards diplomatic institutions located in Eastern Europe, utilizing a newly developed backdoor named GraphicalProton.…