Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- DNS Rebinding Attack: How Malicious Websites Exploit Private Networks
August 31, 2021
Web-based consoles are widely adopted by management software and smart devices to provide interactive data visualization and user-friendly configuration. This is gaining momentum as enterprises’ computer systems become more complex and more modern internet of things (IoT) devices are used at home. These web applications are usually located in internal environments or private networks protected ...
- HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
August 30, 2021
Hewlett Packard Enterprise (HPE) is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw could be part of a “chained attack” where an “attacker has ...
- QNAP works on patches for OpenSSL bugs impacting its NAS devices
August 30, 2021
Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week. The security flaws tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS device running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync (a backup and disaster recovery app), ...
- New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)
August 30, 2021
Unit 42 researchers have observed exploits in the wild for a recently disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source code. The critical command injection vulnerability was discovered and patched in May 2021. A proof of concept was released and within a week, on June 26, 2021, attackers exploited the ...
- Cloudflare says it stopped the largest DDoS attack ever reported
August 27, 2021
Cloudflare said it’s system managed to stop the largest reported DDoS attack in July, explaining in a blog post that the attack was 17.2 million requests-per-second, three times larger than any previous one they recorded. Cloudflare’s Omer Yoachimik explained in a blog post that the company serves over 25 million HTTP requests per second on average ...
- Ransomware: It’s only a matter of time before a smart city falls victim, and we need to take action now
August 27, 2021
Ransomware attacks are going to get worse – and one could eventually take out the infrastructure of an entire 5G-enabled smart city, a cybersecurity expert has warned. Cyber criminals deploying ransomware regularly target government services. Not only do public sector IT budgets mean networks are less secure against attacks, but said networks are also used to ...