Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- CISA Adds Five Known Exploited Vulnerabilities to Catalog
May 4, 2022
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the ...
- Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw
May 3, 2022
Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes it possible for hackers with access to the connection between an affected device and the Internet ...
- New ransomware strains linked to North Korean govt hackers
May 3, 2022
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide. They’re also known for deploying destructive malware on their victims’ networks during the last stage of their attacks, likely to destroy any traces of their activity. Christiaan Beek, a lead threat ...
- Update on cyber activity in Eastern Europe
May 3, 2022
Google’s Threat Analysis Group (TAG) has been closely monitoring the cybersecurity activity in Eastern Europe with regard to the war in Ukraine. Since our last update, TAG has observed a continuously growing number of threat actors using the war as a lure in phishing and malware campaigns. Similar to other reports, we have also observed ...
- Chinese cyber-espionage group Moshen Dragon targets Asian telcos
May 2, 2022
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia. While this new threat group has some overlaps with “RedFoxtrot” and “Nomad Panda,” including the use of ShadowPad and PlugX malware variants, there are enough differences in their activity to follow them separately. According to a ...
- Spanish PM, defense minister latest Pegasus spyware victims
May 2, 2022
Spain’s prime minister and defense minister are the latest elected officials to detect Pegasus spyware on their mobile phones, according to multiple media reports quoting Spanish authorities. During a press conference on Monday, Félix Bolaños, the minister for the presidency, told reporters that cellphones of Spanish prime minister Pedro Sánchez and defense minister Margarita Robles were ...