Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- APIC fail: Intel ‘Sunny Cove’ chips with SGX spill secrets
August 9, 2022
A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys. They call it ÆPIC Leak because it affects the memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC), which helps the CPU handle interrupt requests from various ...
- Oil and Gas Cybersecurity: Industry Overview Part 1
August 8, 2022
The oil and gas industry is no stranger to major cybersecurity attacks, attempting to disrupt operations and services. Most of the best understood attacks against the oil industry are initial attempts to break into the corporate networks of oil companies. Geopolitical tensions can cause major changes not only in physical space, but also in cyberspace. In ...
- New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
August 6, 2022
A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to ...
- Twitter breach exposed anonymous account owners
August 5, 2022
A vulnerability in Twitter’s software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday. It did not confirm a report that data on 5.4 million users was offered for sale online as a result but said ...
- Taiwanese military reports DDoS in wake of Pelosi visit
August 4, 2022
Taiwan’s Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors. The ministry said the network was attacked around 23:40 with connection restored by 00:30 local time on Thursday. Cabinet spokesperson Lo Ping-cheng said work on heightening ...
- Attackers leveraging Dark Utilities “C2aaS” platform in malware campaigns
August 4, 2022
In early 2022, a new C2 platform called “Dark Utilities” was established, offering a variety of services such as remote system access, DDoS capabilities and cryptocurrency mining. The operators of the service also established Discord and Telegram communities where they provide technical support and assistance for customers on the platform. Dark Utilities provides payloads consisting of ...