Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability
April 27, 2021
In January, Trend Micro researchers encountered a new ransomware using .hello as its extension in one of our cases that possibly arrived via a SharePoint server vulnerability. This appeared to be a new ransomware family dubbed as the Hello ransomware (aka WickrMe), named after the chat application that was used to contact the cybercriminals responsible. Previous ...
- Linux Kernel Bug Opens Door to Wider Cyberattacks
April 27, 2021
An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug (CVE-2020-28588) exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux, according to Cisco Talos, which discovered the vulnerability. It arises from an improper conversion of ...
- Flubot Spyware Spreading Through Android Devices
April 26, 2021
Android mobile phone users across the U.K. are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the country’s National Cyber Security Centre. The malware is delivered to targets through SMS texts and prompts them to install a “missed package delivery” app. Instead, it takes victims to a scam ...
- DC Police confirms cyberattack after ransomware gang leaks data
April 26, 2021
The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. The Metropolitan Police Department, also known as the DC Police or MPD, is the primary law enforcement agency for Washington, DC, the US capital. In a statement to BleepingComputer, the DC Police stated that they are ...
- Nvidia Warns About Severe Security Bugs in GPU Driver, vGPU Software
April 26, 2021
Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure. Meanwhile, the Nvidia virtual GPU (vGPU) software also has a group of bugs that could lead to a range of ...
- The big Pentagon internet mystery now partially solved
April 24, 2021
A very strange thing happened on the internet the day President Joe Biden was sworn in. A shadowy company residing at a shared workspace above a Florida bank announced to the world’s computer networks that it was now managing a colossal, previously idle chunk of the internet owned by the U.S. Department of Defense. That real ...