Intel Name: BlueAlpha abuses Cloudflare tunneling service for GammaDrop staging infrastructure
Date of Scan: April 8, 2025
Impact: High
Summary: BlueAlpha is a state-sponsored cyber threat group linked to the Russian Federal Security Service (FSB), with ties to known groups such as Gamaredon, Shuckworm, Hive0051, and UNC530. Active since at least 2014, BlueAlpha persistently targets Ukrainian organizations through aggressive spearphishing campaigns. Since October 2023, the group has deployed custom VBScript malware, GammaLoad, to facilitate data exfiltration and credential theft and to maintain long-term access to compromised systems.