CyberSecurity news

FlagThis - #WhatsAppPhishing

@www.microsoft.com //
Russian threat actor Star Blizzard has been identified using a new spear-phishing campaign targeting WhatsApp accounts. This tactic marks a departure from their previous methods, which primarily involved sending spear-phishing emails with malicious links. Now, the group sends messages prompting targets to join WhatsApp groups, where their credentials can be harvested. The change in tactics is likely an attempt to evade detection after their previous methods and infrastructure were exposed, including the seizure of over 180 domains used by the group for phishing attacks in 2023 and 2024.

This campaign, which appears to have concluded at the end of November 2024, primarily focused on individuals within government, diplomacy, defense policy, and international relations, including researchers focusing on Russia and those providing assistance to Ukraine. The spear-phishing emails often pose as communications from a U.S. government official and contain a QR code leading to the compromised WhatsApp group. This shift in strategy highlights the group's adaptability and their continued efforts to gather intelligence through sophisticated social engineering.


References:
  • Metacurity: Microsoft says that Russia's Star Blizzard sent spearphishing messages to journalists, think tanks, and NGOs asking them to join a WhatsApp group.
  • The Hacker News: Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
  • www.microsoft.com: The campaign highlights the evolving nature of cyber threats, necessitating constant adaptation of security measures to counter such targeted attacks.
  • gbhackers.com: GBHackers reports on Star Blizzard exploiting WhatsApp accounts.
  • The Register - Security: Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts
  • The Cyber Express: Russian Star Blizzard is Now After Your WhatsApp Data
  • ciso2ciso.com: Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups – Source: www.securityweek.com
  • gbhackers.com: Russian Threat Actor “Star Blizzard” Exploit WhatsApp Accounts Using QR Codes
  • Threats | CyberScoop: Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp
  • securityaffairs.com: Security Affairs reports on Russia-linked APT Star Blizzard targeting WhatsApp accounts.
  • malware.news: WhatsApp spear phishing campaign uses QR codes to add device
  • Malwarebytes: This campaign, dubbed Star Blizzard by Microsoft, shifts from previous tactics focused on malicious links to QR codes, aiming to establish initial rapport before launching attacks.
  • www.cybersecurity-insiders.com: Cybersecurity Insiders article on Microsoft exposing the Star Blizzard campaign.
  • BleepingComputer: Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations.
  • bsky.app: Researchers expose the Russian-linked Star Blizzard threat actor's attempt to compromise WhatsApp accounts.
  • www.cybersecurity-insiders.com: Microsoft security researchers detail a new spear-phishing campaign run by the Russian threat group Star Blizzard targeting WhatsApp accounts.
  • Microsoft Security Blog: Microsoft threat intelligence uncovered the spear-phishing campaign, detailing the tactics and targets.
  • BleepingComputer: Russian threat actor Star Blizzard uses malicious QR codes to compromise WhatsApp accounts.
  • www.bleepingcomputer.com: Russian group Star Blizzard using fake WhatsApp invites to target government officials and Ukraine supporters.
  • securityonline.info: Star Blizzard Shifts Tactics: Spear-Phishing Campaign Targets WhatsApp Accounts
  • Security Affairs: Russia-linked APT Star Blizzard targets WhatsApp accounts
  • www.helpnetsecurity.com: How Russian hackers went after NGOs’ WhatsApp accounts
  • bsky.app: Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations.
  • securityonline.info: The Russian threat actor known as Star Blizzard is deploying spear phishing campaigns to access the WhatsApp accounts of high-profile targets.
  • Techzine Global: Star Blizzard hackers abuse WhatsApp against diplomats
  • socradar.io: New spear phishing campaign by the Russian threat actor Star Blizzard (a.k.a. UNC4057, Callisto, and ColdRiver).
Classification:
  • HashTags: #StarBlizzard #WhatsAppPhishing #SpearPhishing
  • Company: Microsoft
  • Target: Government, diplomacy, defense, and international relations
  • Attacker: Star Blizzard
  • Product: WhatsApp
  • Feature: spear phishing
  • Type: Espionage
  • Severity: Medium