Bluekit alliance reshapes ransomware ecosystem operations
Threat Actor Meta
Summary
Hide ▲
Show ▼
Bluekit's AI-assisted phishing kit has expanded into an all-in-one service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing market. It bundles 40+ templates for major email, cloud, developer, and crypto services, including Outlook, Gmail, iCloud, GitHub, and Ledger. The platform's AI Assistant panel supports models such as Llama, GPT-4.1, Claude, Gemini, and DeepSeek to help generate campaign drafts.
Related Happenings
Bluekit adopts rrweb-based BitM session streaming for login theft
Technical Analysis
H score34
First: 25.06.2026 18:00
Last: 25.06.2026 18:00
Sources 1
How related:
A new report from digital risk protection company Netcraft warns that Bluekit has switched from adversary-in-the-middle to a BitM mechanism that uses the open-source JavaScript library ‘rrweb’ to serialize the page’s DOM and stream it over a WebSocket connection to the victim.
About this happening:
**Bluekit** has added **browser-in-the-middle (BitM)** login theft to its phishing stack, increasing the risk of **session-token theft** and **account takeover**. The mechanism us...
Bluekit adopts rrweb-based BitM session streaming for login theft
Technical AnalysisHow related: A new report from digital risk protection company Netcraft warns that Bluekit has switched from adversary-in-the-middle to a BitM mechanism that uses the open-source JavaScript library ‘rrweb’ to serialize the page’s DOM and stream it over a WebSocket connection to the victim.
About this happening: **Bluekit** has added **browser-in-the-middle (BitM)** login theft to its phishing stack, increasing the risk of **session-token theft** and **account takeover**. The mechanism us...
Sniper Dz free PhaaS ecosystem rebranded to scale phishing operations
Threat Actor Meta
H score43
First: 12.06.2026 11:52
Last: 12.06.2026 11:52
Sources 1
About this happening:
A long-running **Sniper Dz** ecosystem operated as a **free phishing-as-a-service (PhaaS)** platform that repeatedly rebranded, lowering the barrier for large-scale credential the...
Sniper Dz free PhaaS ecosystem rebranded to scale phishing operations
Threat Actor MetaAbout this happening: A long-running **Sniper Dz** ecosystem operated as a **free phishing-as-a-service (PhaaS)** platform that repeatedly rebranded, lowering the barrier for large-scale credential the...
Latest development: 15.06.2026 09:30
Fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations targeted users across the Middle East and North Africa with fake offers for free mobile internet packages, financial compensation, and government subsidy programs, then routed victims through Linkbio and Linktree decoy pages into Sniper Dz phishing and traffic monetization infrastructure that abuses browser notification permissions, back-button hijacking, tab-under redirections, premium SMS subscriptions, premium-rate calls, and investment scams.
Willow raises $7M seed round for AI agent IAM platform
Industry Action
H score10
First: 04.06.2026 17:22
Last: 04.06.2026 17:22
Sources 1
About this happening:
**Willow** emerged from stealth with **$7 million in seed funding**, giving the startup new capital to scale an **identity and access platform** for enterprise AI agents. The comp...
Willow raises $7M seed round for AI agent IAM platform
Industry ActionAbout this happening: **Willow** emerged from stealth with **$7 million in seed funding**, giving the startup new capital to scale an **identity and access platform** for enterprise AI agents. The comp...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
H score39
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
CampaignAbout this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
ATHR productized automated vishing platform for credential theft
Threat Actor Meta
H score39
First: 16.04.2026 17:09
Last: 16.04.2026 17:09
Sources 1
About this happening:
ATHR is turning **automated vishing** into a **productized underground service**, lowering the barrier for credential theft across **Google**, **Microsoft**, **Coinbase**, and oth...
ATHR productized automated vishing platform for credential theft
Threat Actor MetaAbout this happening: ATHR is turning **automated vishing** into a **productized underground service**, lowering the barrier for credential theft across **Google**, **Microsoft**, **Coinbase**, and oth...
Timeline
-
25.06.2026 18:00 1 articles · 14d ago
Bluekit adds BitM login theft and nearly 70 hostnames
Campaign Scope UpdateBluekit phishing-as-a-service added browser-in-the-middle (BitM) login theft and nearly 70 new hostnames over the past week. Netcraft said the kit now uses the open-source JavaScript library rrweb to serialize the page DOM and stream it over a WebSocket connection, while the live 5-second monitoring system and victim qualification checks remain in use.
Show sources
- Bluekit phishing kit adopts browser-in-the-middle for login theft — www.bleepingcomputer.com — 25.06.2026 18:00
-
30.04.2026 21:58 2 articles · 2mo ago
Bluekit phishing kit debuts with AI-assisted campaign drafting
Initial DisclosureBluekit emerges as a phishing kit offering more than 40 templates for Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, Ledger, and other services, alongside an AI Assistant panel that supports Llama, GPT-4.1, Claude, Gemini, and DeepSeek to help draft phishing emails and campaign skeletons. The platform also bundles domain purchase and registration, phishing page setup, campaign management, anti-analysis controls, real-time session monitoring, and Telegram-based exfiltration, while Varonis found placeholder content in the limited AI output and described the system as under active development.
Show sources
- New Bluekit phishing service includes an AI assistant, 40 templates — www.bleepingcomputer.com — 30.04.2026 21:58
- New Bluekit phishing service includes an AI assistant, 40 templates — www.bleepingcomputer.com — 30.04.2026 21:58