Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Canadian province health care system disrupted by cyberattack
November 1, 2021
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments. This outage affected health systems in Central Health, Eastern Health, Western Health, ...
- Spam and phishing in Q3 2021
November 1, 2021
This summer and early fall saw some major international sporting events. The delayed Euro 2020 soccer tournament was held in June and July, followed by the equally delayed Tokyo Olympics in August. Q3 2021 also featured several F1 Grand Prix races. There was no way that cybercriminals and profiteers could pass up such a golden ...
- Cring ransomware continues assault on industrial organizations with aging applications, VPNs
November 1, 2021
The Cring ransomware group continues to make a name for itself through attacks on aging ColdFusion servers and VPNs after emerging earlier this year. Experts like Digital Shadows Sean Nikkel told ZDNet that what makes Cring interesting is that so far, they appear to specialize in using older vulnerabilities in their attacks. “In a previous incident, Cring ...
- Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
November 1, 2021
A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. In spite of coming from sender addresses such as [email protected], nobody at Kaspersky sent the phishing emails, the security company said in an advisory issued on Monday. Rather, the emails were sent with ...
- Europol: 12 Targeted For Involvement In Ransomware Attacks Against Critical Infrastructure
October 29, 2021
A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries. These attacks are believed to have affected over 1 800 victims in 71 countries. These cyber actors are known for specifically targeting large corporations, ...
- TrickBot malware dev extradited to U.S. faces 60 years in prison
October 29, 2021
A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison. 38-year old Vladimir Dunaev, also known as FFX, was a malware developer that supervised the creation of TrickBot’s browser injection module, the indictment ...