Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

BlueBravo’s GraphicalProton Backdoor

July 31, 2023
Reading Time: 2 mins read
in Alerts
BlueBravo’s GraphicalProton Backdoor

 

The Russian nation-state actor, BlueBravo, has been engaging in cyber espionage against diplomatic entities in Eastern Europe, employing a new backdoor named GraphicalProton.

Recorded Future’s report highlights the phishing campaign’s use of legitimate internet services (LIS) for command-and-control obfuscation, observed between March and May 2023. BlueBravo, also known as APT29, has previously evaded detection using services such as Dropbox, Firebase, Google Drive, Notion, and Trello to establish covert communications with compromised hosts.

GraphicalProton is the latest addition to BlueBravo’s arsenal of malware targeting diplomatic organizations, following GraphicalNeutrino, HALFRIG, and QUARTERRIG. In contrast to GraphicalNeutrino’s use of Notion, GraphicalProton employs Microsoft’s OneDrive or Dropbox for communication, demonstrating the group’s efforts to diversify and expand its tools for strategic targeting.

BlueBravo seems to prioritize cyber espionage against European government sector entities, potentially due to Russia’s interest in gathering strategic data during and after the war in Ukraine. The new malware strain functions as a loader and is delivered via phishing emails with vehicle-themed lures, similar to an intrusion set reported by Palo Alto Networks Unit 42 earlier.

The ISO files in these emails contain .LNK files posing as .PNG images of a BMW car for sale, leading to the deployment of GraphicalProton when clicked. The malware utilizes Microsoft OneDrive as a command-and-control service, periodically polling a designated folder for additional payloads.

Researchers emphasize the importance of network defenders recognizing the potential misuse of legitimate services within their enterprise to prevent data exfiltration attempts.

Concurrently, the Computer Emergency Response Team of Ukraine (CERT-UA) warns of ongoing phishing attacks by the UAC-0006 group, intensifying efforts to persuade users into installing the SmokeLoader backdoor. As BlueBravo continues to evolve its tactics, cybersecurity measures remain crucial in safeguarding against such state-sponsored threats.

Reference:
  • BlueBravo Adapts to Target Diplomatic Entities with GraphicalProton Malware
Tags: BackdoorBlueBravoCyber AlertCyber Alerts 2023CybersecurityEuropeGraphicalProtonJuly 2023PhishingRussiaVulnerabilities
ADVERTISEMENT

Related Posts

Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025
HTTPBot DDoS Threat To Windows Systems

Horabot Malware Targets LatAm Via Phishing

May 15, 2025
HTTPBot DDoS Threat To Windows Systems

Google Patches Chrome Account Takeover Bug

May 15, 2025
HTTPBot DDoS Threat To Windows Systems

HTTPBot DDoS Threat To Windows Systems

May 15, 2025

Latest Alerts

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Google Patches Chrome Account Takeover Bug

Horabot Malware Targets LatAm Via Phishing

HTTPBot DDoS Threat To Windows Systems

Subscribe to our newsletter

    Latest Incidents

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    Dior Breach Exposes Asian Customer Data

    Australian Human Rights Body Files Leaked

    Nucor Cyberattack Halts Plants Networks

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial