CyberSecurity updates
2025-01-17 16:36:15 Pacific

Russian Star Blizzard Targets WhatsApp Accounts - 16h
Read more: www.microsoft.com

Russian threat actor Star Blizzard has been identified using a new spear-phishing campaign targeting WhatsApp accounts. This tactic marks a departure from their previous methods, which primarily involved sending spear-phishing emails with malicious links. Now, the group sends messages prompting targets to join WhatsApp groups, where their credentials can be harvested. The change in tactics is likely an attempt to evade detection after their previous methods and infrastructure were exposed, including the seizure of over 180 domains used by the group for phishing attacks in 2023 and 2024.

This campaign, which appears to have concluded at the end of November 2024, primarily focused on individuals within government, diplomacy, defense policy, and international relations, including researchers focusing on Russia and those providing assistance to Ukraine. The spear-phishing emails often pose as communications from a U.S. government official and contain a QR code leading to the compromised WhatsApp group. This shift in strategy highlights the group's adaptability and their continued efforts to gather intelligence through sophisticated social engineering.