Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
May 31, 2022
Trend Micro researchers observed vulnerability CVE-2022-29464 being exploited in the wild since April, allowing unrestricted file uploads resulting to arbitrary remote code execution (RCE). Disclosed and patched in April, the security gap was ranked Critical at 9.8 and affects a number of WSO2 products. It requires no user interaction and administrative privileges for abuse, and ...
- Italy warns organizations to brace for incoming DDoS attacks
May 30, 2022
Italy’s Computer Security Incident Response Team (CSIRT) has issued an urgent alert to raise awareness about the high risk of cyberattacks against national entities on Monday. The type of cyberattack the Italian organization refers to is DDoS (distributed denial-of-service), which may not be catastrophic but can still cause damage, financial or otherwise, due to service outages ...
- Zero-day vuln in Microsoft Office: ‘Follina’ will work even when macros are disabled
May 30, 2022
Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft’s ubiquitous Office software. Dubbed “Follina”, the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12) and uses Office functionality to retrieve a HTML file which in turn makes use of ...
- Australian digital driving licenses can be defaced in minutes
May 30, 2022
An Australian digital driver’s license (DDL) implementation that officials claimed is more secure than a physical license has been shown to easily defaced, but authorities insist the credential remains secure. New South Wales, Australia’s most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of ...
- CISA and DoD Release 5G Security Evaluation Process Investigation Study
May 26, 2022
CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, and high-band spectrum. The study ...
- FBI: Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums
May 26, 2022
The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums. This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations. Cyber actors continue to conduct attacks against US ...