Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- New Linux malware brute-forces SSH servers to breach networks
August 4, 2022
A new botnet called ‘RapperBot’ is being used in attacks since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device. The researchers show that RapperBot is based on the Mirai trojan but deviates from the the original malware’s normal behavior, which is uncontrolled propagation to as many ...
- Critical RCE vulnerability impacts 29 models of DrayTek routers
August 4, 2022
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. The vulnerability is tracked as CVE-2022-32548 and carries a maximum CVSS v3 severity score of 10.0, categorizing it as critical. The attacker does not need credentials or user interaction to exploit the vulnerability, ...
- Post-quantum crypto cracked in an hour with one core of an ancient Xeon
August 3, 2022
One of the four encryption algorithms the US National Institute of Standards and Technology (NIST) recommended as likely to resist decryption by quantum computers has had holes kicked in it by researchers using a single core of an Intel Xeon CPU, released in 2013. The Supersingular Isogeny Key Encapsulation (SIKE) algorithm was chosen by NIST just ...
- DDoS attacks in Q2 2022
August 3, 2022
Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. ALtahrea Team, a group targeting NATO and its partners, attacked public transportation websites in Israel and the United Kingdom. Israel saw a cyberattack on the Airports Authority, and UK, an attack on the Port ...
- Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution
August 3, 2022
Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.’s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines. TALOS-2022-1452 (CVE-2022-21147) is a vulnerability that exists in a specific Alyac module that, eventually, leads to a crash of Alyac’s ...
- Examining New DawDropper Banking Dropper and DaaS on the Dark Web
August 2, 2022
Malicious actors have been surreptitiously adding a growing number of banking trojans to Google Play Store via malicious droppers this year, proving that such a technique is effective in evading detection. Additionally, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other ...