Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Who tracked internet users in 2021–2022
November 25, 2022
Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. The websites and services send this data to ...
- Google pushes emergency Chrome update to fix 8th zero-day in 2022
November 25, 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in GPU, discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022. “Google is aware ...
- Meta links US military to fake social media influence campaigns
November 24, 2022
In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military. Meta said it picked up on three major covert influence operations on its platforms in the third quarter of the year, the first of which ...
- UK: Government departments ordered to stop installing cameras made by Chinese firms in ‘sensitive sites’
November 24, 2022
Government departments have been told to stop installing cameras made by Chinese firms in “sensitive sites”. They have also been urged to disconnect Chinese-made devices from core computer networks and to consider removing them altogether, amid security concerns. The Government Security Group has said that since companies in China have to comply with the country’s national intelligence ...
- European Parliament Putin things back together after cyber attack
November 24, 2022
The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism. The attack appears to have made part of the Parliament’s website inoperable and made access impossible for a few hours. A pro-Russian group called KILLNET appears to have claimed responsibility for the attack in ...
- Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts
November 23, 2022
A cybercriminal operation tracked as Ducktail has been hijacking Facebook Business accounts causing losses of up to $600,000 in advertising credits. The gang has been spotted before using malware to steal Facebook-related information and hijack associated business accounts to run their own ads that are paid for by the victim. Believed to be the work of a ...