@www.microsoft.com
// 56d
Russian threat actor Star Blizzard has been identified using a new spear-phishing campaign targeting WhatsApp accounts. This tactic marks a departure from their previous methods, which primarily involved sending spear-phishing emails with malicious links. Now, the group sends messages prompting targets to join WhatsApp groups, where their credentials can be harvested. The change in tactics is likely an attempt to evade detection after their previous methods and infrastructure were exposed, including the seizure of over 180 domains used by the group for phishing attacks in 2023 and 2024.
This campaign, which appears to have concluded at the end of November 2024, primarily focused on individuals within government, diplomacy, defense policy, and international relations, including researchers focusing on Russia and those providing assistance to Ukraine. The spear-phishing emails often pose as communications from a U.S. government official and contain a QR code leading to the compromised WhatsApp group. This shift in strategy highlights the group's adaptability and their continued efforts to gather intelligence through sophisticated social engineering.
Classification:
- HashTags: #StarBlizzard #WhatsAppPhishing #SpearPhishing
- Company: Microsoft
- Target: Government, diplomacy, defense, and international relations
- Attacker: Star Blizzard
- Product: WhatsApp
- Feature: spear phishing
- Type: Espionage
- Severity: Medium
Jay Peters@The Verge
// 82d
A US judge has ruled that the Israeli software company NSO Group is liable for hacking 1,400 WhatsApp users using its Pegasus spyware. The court found that NSO Group exploited a vulnerability in WhatsApp to target journalists, activists, politicians, and other individuals. NSO Group has been found to have violated the Computer Fraud & Abuse Act and the California Comprehensive Computer Data Access and Fraud Act, along with breaching its contract with WhatsApp.
This ruling is a major victory for WhatsApp, which initiated legal action in 2019. The judge rejected NSO Group's argument that it was not liable because its clients were investigating crimes and national security matters. A trial will now proceed to determine the damages that NSO Group will owe WhatsApp. This landmark decision is being seen as a precedent for other companies in the spyware industry.