Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Phishing-as-a-service operation uses double theft to boost profits
September 22, 2021
Microsoft says BulletProofLink, a large-scale phishing-as-a-service (PhaaS) operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately. The threat actor behind BulletProofLink (also known as BulletProftLink and Anthrax) provides cybercriminals with various services, ranging from selling phish kits and email templates to providing ...
- RaidForums data marketplace accidentally exposes private staff page
September 22, 2021
Underground marketplace and hacker forum, RaidForums, recently exposed internal pages from its website, meant for staff members only. RaidForums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps. Read more… Source: Bleeping Computer
- Microsoft Exchange Autodiscover bugs leak 100K Windows credentials
September 22, 2021
Bugs in the implementation of Microsoft Exchange’s Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, Guardicore’s AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to ...
- Detection evasion in CLR and tips on how to detect such attacks
September 21, 2021
In terms of costs, the age-old battle that pits attacker versus defender has become very one sided in recent years. Almost all modern attacks (and ethical offensive exercises) use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called githubification is driving attackers’ costs down and reshaping the focus from malware ...
- Russian state hackers use new TinyTurla malware as secondary backdoor
September 21, 2021
Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan. Named TinyTurla due to its limited functionality and uncomplicated coding style, the backdoor could also be used as a stealthy second-stage malware ...
- Epik Confirms Hack, Gigabytes of Data on Offer
September 21, 2021
Epik, the domain registrar known for hosting several large right-wing organizations, has confirmed a hack of its systems, a week after attackers branding themselves with the Anonymous hacktivist collective label said that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses. “On September 15, we confirmed that ...