Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors
March 24, 2023
The FBI warns the public of criminal actors using Business Email Compromise (BEC) schemes to facilitate the acquisition of a wide range of commodities. BEC is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional. In many BEC scams, ...
- Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
March 24, 2023
US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year’s cyber attacks against the local government. Over the course of the three-month deployment, Cyber National Mission Force (CNMF) troops worked with their Albanian counterparts to hunt for cyber threats and identify vulnerabilities on networks in the ...
- CISA Releases Six Industrial Control Systems Advisories
March 23, 2023
CISA released six Industrial Control Systems (ICS) advisories on March 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-082-01 RoboDK ICSA-23-082-02 CP-Plus KVMS Pro ICSA-23-082-03 SAUTER EY-modulo 5 Building Automation Stations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Eight Industrial Control Systems Advisories
- Critical infrastructure gear is full of flaws, but hey, at least it’s certified
March 23, 2023
Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers. And most of these operational technology (OT) products – which include industrial control systems and related devices – claim security certifications, some of which they did not actually have. Read ...
- FBI Internet Crime Complaint Center Releases 2022 Statistics
March 22, 2023
In the recently released 2022 Internet Crime Report produced by the FBI’s Internet Crime Complaint Center (IC3), the numbers confirm that cyber actors continue to plague Americans by targeting U.S. networks, attacking critical infrastructure, holding our money and data for ransom, facilitating large-scale fraud schemes, and threatening our national security. IC3 received a total of ...
- Ransomware Attack Hits Ship-Tracking Firm Royal Dirkzwager
March 22, 2023
A team of ransomware hackers have published proprietary inside data allegedly obtained the Dutch shipping intelligence agency Royal Dirkzwager, according to cybsersecurity trade press. The leak purportedly include employee passports, contracts and other sensitive information. The hackers claim to have more data that is yet to be released, reports Security Week. Read more… Source: The Maritime Executive