A sophisticated Russian state-sponsored advanced persistent threat (APT) group known as Laundry Bear has emerged as a significant cybersecurity concern, targeting NATO countries and Ukraine through an extensive campaign of espionage and intelligence gathering. Also tracked as Void Blizzard by Microsoft Threat Intelligence, this threat actor has been actively operating since at least April 2024, demonstrating advanced capabilities in social engineering and infrastructure obfuscation.

Their attack methodology relies heavily on stolen credentials and session cookies for initial access, combined with sophisticated spear-phishing campaigns that utilize carefully crafted domain typosquats designed to deceive even security-conscious users.

Validin analysts identified the threat actor’s infrastructure through comprehensive analysis of initially reported indicators, uncovering a complex web of malicious domains and supporting infrastructure. The investigation revealed that Laundry Bear operates through three primary domain indicators: micsrosoftonline[.]com serving as the main spear-phishing platform utilizing Evilginx frameworks, ebsumrnit[.]eu functioning as a malicious email sender, and outlook-office[.]micsrosoftonline[.]com acting as an additional phishing subdomain. Microsoft’s initial reporting provided the foundation for deeper infrastructure analysis, revealing systematic patterns in domain registration and deployment that suggest coordinated campaign management across multiple operational phases.

The threat group’s operational security demonstrates sophisticated planning and execution. The group registered multiple variations of the European Business Summit domain, including ebsumrnit[.]eu, ebsurnmit[.]eu, ebsummlt[.]eu, ebsummt[.]eu, ebsumlts[.]eu, and ebsum[.]eu, all utilizing the same infrastructure patterns and registration methodologies. The domains employ mailgun[.]org DNS records for email functionality, with each malicious domain configured with specific email subdomains pointing to Mailgun infrastructure through CNAME records. These discoveries expanded the known infrastructure footprint significantly, demonstrating the group’s extensive operational capabilities and long-term strategic planning in maintaining persistent access to target environments.
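The typosquats listed above swap visually similar characters or add and drop letters, which makes them detectable in new-registration or DNS logs by folding confusable sequences and measuring edit distance against a watchlist. The following is an added example, not code from Validin, Microsoft or the article; the protected names `microsoftonline.com` and `ebsummit.eu`, the confusable table and the benign control `example.org` are assumptions.

```python
# Visually confusable sequences folded before comparison (illustrative, not exhaustive).
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("l", "i"), ("1", "i"), ("0", "o"))
# Assumption: the legitimate names being imitated; neither is spelled out in the article.
PROTECTED = ["microsoftonline.com", "ebsummit.eu"]
# Domains quoted in the article (kept defanged) plus one constructed benign control.
OBSERVED = [
    "micsrosoftonline[.]com", "outlook-office[.]micsrosoftonline[.]com",
    "ebsumrnit[.]eu", "ebsurnmit[.]eu", "ebsummlt[.]eu", "ebsummt[.]eu",
    "ebsumlts[.]eu", "ebsum[.]eu", "example.org",
]

def fold(label):
    """Collapse confusable sequences so that 'rn' compares equal to 'm'."""
    for seq, repl in CONFUSABLE:
        label = label.replace(seq, repl)
    return label

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    """Refang and return (label, tld) of the last two labels; assumes a one-label TLD."""
    parts = domain.lower().replace("[.]", ".").strip(".").split(".")
    return parts[-2], parts[-1]

def lookalikes(observed, protected=PROTECTED, max_dist=2):
    """Map each suspicious domain to (closest protected domain, folded edit distance)."""
    legit = {registrable(p) for p in protected}
    hits = {}
    for dom in observed:
        label, tld = registrable(dom)
        if (label, tld) in legit:
            continue  # the real domain or one of its subdomains
        for good in protected:
            dist = edit_distance(fold(label), fold(registrable(good)[0]))
            if dist <= max_dist and (dom not in hits or dist < hits[dom][1]):
                hits[dom] = (good, dist)
    return hits

if __name__ == "__main__":
    for dom, (target, dist) in lookalikes(OBSERVED).items():
        print(f"{dom:45} resembles {target} (distance {dist})")
```

`ebsum[.]eu` falls outside the distance threshold, so string similarity alone misses it; pivoting on the shared registration and DNS patterns the article describes covers that gap.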
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Jul 2025 19:30:30 +0000