Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- DNA testing biz vows to improve infosec after criminals break into database it didn’t know it had
February 20, 2023
A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old “legacy” database the company forgot it had. The genetic testing firm, DNA Diagnostics Center (DDC) reached a settlement deal with ...
- Royal Ransomware expands attacks by targeting Linux ESXi servers
February 20, 2023
Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Trend Micro predicted in September 2022 that ransomware groups will would increasingly target Linux servers and embedded systems in the coming years after detecting a double-digit year-on-year (YoY) increase in attacks on these systems in the first half of 2022. In May ...
- GoDaddy joins the dots and realizes it’s been under attack for three years
February 20, 2023
Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020. The business took the unusual step of detailing the attacks in its Form 10-K – the formal annual report listed entities are required to file ...
- Suffolk County starting to restore online services amid months-long cyberattack
February 18, 2023
Suffolk County has been suffering through a massive cyberattack for months, but progress has been made to restore security. Social security numbers of 26,000 county employees and drivers license numbers of 470,000 were exposed or accessed. Read more… Source: MSN News
- Earth Kitsune delivers new WhiskerSpy backdoor via watering hole attack
February 17, 2023
Trend Micro researchers discovered a new backdoor which Trend Micro have attributed to the advanced persistent threat actor known as Earth Kitsune, which they have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea. In many of the cases, Trend Micro have ...
- Cisco’s ClamAV has a heckuva flaw
February 17, 2023
“A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code,” states Cisco’s security advisory, which identifies the issue as CVE-2023-20032. “This vulnerability is due to a missing buffer size check that may result in a ...