Russian BlueDelta (Fancy Bear) Uses PDFs to Steal Logins in Just 2 Seconds

New research from Recorded Future reveals how Russian state hackers (BlueDelta) are using fake Microsoft and Google login portals to steal credentials. The campaign involves using legitimate PDF lures from GRC and EcoClimate to trick victims.

Recent findings from the research firm Recorded Future’s Insikt Group reveal that it only takes two seconds of distraction for a professional’s private data to fall into the wrong hands.

According to Recorded Future’s latest blog post, a Russian state-sponsored hacking group, known as BlueDelta (or Fancy Bear), has been carrying out sneaky campaigns to steal login information from professionals worldwide.

Reportedly, betweet Feburary and September 2025, BlueDelta targeted individuals is specialised frields like energy and nuclear research, particularly in Türkiye and Europe. Researchers observed that the campaign’s objective seems to be credentials harvesting.

How the Scams Work

Researchers noted that the hackers are becoming much more convincing because, instead ...