BlueDelta
BlueDelta is a Russian state-sponsored threat actor described as GRU-affiliated. Reporting attributes to BlueDelta an ongoing espionage campaign (as of 2026-01-09) primarily targeting the energy sector/energy organizations, highlighting a focus on critical infrastructure. The actor has been reported conducting credential-harvesting activity and targeting Turkish and broader European organizations. Tactically, BlueDelta has been described as abusing free applications as part of its intrusion approach to facilitate compromise of targeted organizations.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
BlueDelta is conducting espionage operations targeting the energy sector, abusing free applications as part of their attack methodology.
Credential-harvesting campaigns targeting energy, nuclear research, and think tank organizations in Turkey, Europe, and Central Asia.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.