Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
March 7, 2022
Since 2020, Proofpoint researchers have observed TA416, an actor assessed to be aligned with the Chinese state, utilizing web bugs to profile their targets. Commonly referred to as tracking pixels, web bugs embed a hyperlinked non-visible object within the body of an email that, when enabled, will attempt to retrieve a benign image file from ...
- Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device
March 7, 2022
Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, researchers decided to take an even closer look at two of these vulnerabilities — CVE-2021-21748 and CVE-2021-21745 — to show how they could be chained together by an ...
- SharkBot malware hides as Android antivirus in Google Play
March 5, 2022
SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities. Although the trojan app was far from popular, its presence in Play Store shows that malware distributors can still bypass Google’s automatic defenses. The app is still present in Google’s store at the moment ...
- Russia shares list of 17,000 IPs allegedly DDoSing Russian orgs
March 5, 2022
The Russian government shared a list of 17,576 IP addresses allegedly used to launch distributed denial-of-service (DDoS) attacks targeting Russian organizations and their networks. The list was shared by the National Coordination Center for Computer Incidents (NKTsKI), an organization created by Russia’s Federal Security Service (FSB), together with guidance to defend against the attacks and ...
- National Security Agency Cybersecurity Technical Report: Network Infrastructure Security Guidance
March 4, 2022
Guidance for securing networks continues to evolve as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified. Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network. All networks are at risk of compromise, especially if devices are not properly ...
- CISA Adds 95 Known Exploited Vulnerabilities to Catalog
March 3, 2022
CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the ...