OYSTERBLUES information-stealer delivery via spear-phishing
Malware Activity
Summary
The OYSTERBLUES malware activity used compromised accounts and spear-phishing to reach government organizations, increasing the risk of credential theft and follow-on account abuse. The payload was an information stealer, making the delivery chain especially relevant for sensitive-data collection. The activity was reported late last month and was linked to UNC1151 in the source reporting.
Related Happenings
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
H score: 39
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources: 1
About this happening:
**GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
TA551 campaign expands across multiple victims
Campaign
H score: 45
First: 25.03.2026 10:47
Last: 25.03.2026 10:47
Sources: 1
About this happening:
The **TA551 / Mario Kart** operation ran a **massive spam-email malware campaign** that spread infections worldwide and enabled later access sales to ransomware crews. At peak, it...
Kimsuky QR-code spear-phishing campaign against think tanks and government entities
Campaign
H score: 42
First: 09.01.2026 07:46
Last: 09.01.2026 07:46
Sources: 1
About this happening:
The **FBI** warned that **Kimsuky (APT43)** is running a **QR-code spear-phishing campaign** that targets **think tanks, academic institutions, and U.S. and foreign government ent...
Timeline
27.06.2026 20:27 · 2 articles
UNC1151 spear-phishing campaign delivers OYSTERBLUES to government organizations
Attribution Update
Late last month, CERT-UA attributed a spear-phishing campaign to UNC1151 (aka Ghostwriter and UAC-0057) that used compromised accounts to deliver the OYSTERBLUES information stealer to government organizations.
Sources:
- Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials — thehackernews.com — 27.06.2026 20:27
- Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials — thehackernews.com — 27.06.2026 20:27