Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- WhatsApp chief claims government officials among 1,400 WhatsApp users targeted in 2019 attack
July 24, 2021
Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive. Will Cathcart disclosed the new details about individuals who were targeted in ...
- New PetitPotam attack allows take over of Windows domains
July 23, 2021
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. Many organizations utilize Microsoft Active Directory Certificate Services, which is a public key infrastructure (PKI) server that can be used to authenticate users, services, and machines on a Windows domain. Read ...
- FIN7’s Liquor Lure Compromises Law Firm with Backdoor
July 23, 2021
Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. The gambit successfully compromised at least one law firm, giving them a shot of the JSSLoader remote-access trojan (RAT), researchers said. According to ...
- Even after Emotet takedown, Office docs deliver 43% of all malware downloads now
July 23, 2021
Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter. The report noted that cloud storage apps account for more than 66% of cloud ...
- Gun owners’ fears after Guntrader.uk data breach
July 23, 2021
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a “security breach”. Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner’s Office. Police, including the National Crime Agency, are investigating. Read ...
- Updated XCSSET Malware Targets Telegram, Other Apps
July 22, 2021
In the last update on the XCSSET campaign, security researchers at Trend Micro updated some of its features targeting latest macOS 11 (Big Sur). Since then, the campaign added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to steal information from various apps, a behavior that ...