Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- CISA Adds One Known Exploited Vulnerability to Catalog
April 3, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. CVE-2022-27926 Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Urgent warning issued to Irish Gmail and Chrome users as hackers access personal data
April 3, 2023
People are being urged to be aware of hackers attempting to gain access to personal emails through Google Chrome with a new type of malware. Scammers are using a fake Chrome browser extension known as AF in a bid to get data from Gmail inboxes, with cybersecurity experts warning that victims of this scam were tricked ...
- Ukrainian cops nab suspects accused of stealing $4.3m from victims across Europe
April 1, 2023
Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal more than $4.3 million from over 1,000 victims across Europe. The fraudsters created more than 100 phishing sites to obtain victims’ bank card information and access their accounts, ...
- CVE-2023-23397 – Microsoft Outlook Privilege Escalation
March 31, 2023
On March 14, 2023, Microsoft released a patch for CVE-2023-23397. CVE-2023-23397 is a vulnerability in the Windows Microsoft Outlook client that can be exploited by sending a specially crafted email that triggers automatically when it is processed by the Outlook client. No user interaction is required to trigger the exploit. Exploitation of the vulnerability will leak ...
- Mac Malware MacStealer Spreads as Fake P2E Apps
March 30, 2023
Trend Micro researchers analyzed a Mac malware called MacStealer (detected by Trend Micro as TrojanSpy.MacOS.CpypwdStealer.A), a cryptocurrency wallet and information stealer disguised as a plagiarized version of a legitimate play-to-earn (P2E) game app. We posted a warning for users to avoid this threat early; this article discusses the technical details of the malware and the ...
- CISA Adds Ten Known Exploited Vulnerabilities to Catalog
March 30, 2023
CISA has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2013-3163 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2014-1776 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2017-7494 Samba Remote Code Execution Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency