HOMETHREATSBlueBottle
APT / THREAT GROUP💰 FINANCIALHIGH

BlueBottle

1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone countries. The group makes extensive use of living off the land, dual-use tools, and commodity malware, with no custom malware deployed in this campaign.

Threat Analysis

BlueBottle is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like BlueBottle prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, BlueBottle is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Aliases1
SourceMalpedia

Also Known As

BlueBottle

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.