Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
January 19, 2023
Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom. Yum! Brands operates 53,000 restaurants across 155 countries and territories, with over $5 billion in total assets ...
- Following the LNK metadata trail
January 19, 2023
Microsoft announced at the beginning of 2022 that they would soon start to disable macros by default in Office documents downloaded from the Internet. They implemented the changes around June, only to remove the feature later that month. The feature was finally re-enabled by the end of July. Cisco Talos observed threat actors reacting to ...
- Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
January 19, 2023
Mandiant is tracking a suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet’s FortiOS SSL-VPN, CVE-2022-42475, as a zero-day. Evidence suggests the exploitation was occurring as early as October 2022 and identified targets include a European government entity and a managed service provider located in Africa. Mandiant identified a new malware they ...
- Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
January 19, 2023
Roaming Mantis (a.k.a Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer ...
- “Payzero” Scams and The Evolution of Asset Theft in Web3
January 18, 2023
Web3 is a lucrative emerging technology where many participants seek quick profit via the different methods of monetization for their online assets. What makes Web3 different from what’s typically called Web2 is that its users are not only participants but are also the owners of digital assets. Web3 users no longer employ the traditional user ...
- MailChimp discloses new breach after employees got hacked
January 18, 2023
Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers. MailChimp says the attackers gained access to employee credentials after conducting a social engineering attack on Mailchimp employees and contractors. Read more… Source: Bleeping Computer