Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Ransomware by the numbers: Reassessing the threat’s global impact
April 23, 2021
Kaspersky has been following the ransomware landscape for years. In the past, we’ve published yearly reports on the subject: PC ransomware in 2014-2016, Ransomware in 2016-2017, and Ransomware and malicious crypto miners in 2016-2018. In fact, in 2019, we chose ransomware as the story of the year, upon noticing the well-known threat was shifting its ...
- Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation
April 23, 2021
Between October 2020 and February 2021, Unit 42 researchers periodically scanned and analyzed unsecured Kubernetes (also known as k8s) clusters on the internet. Kubernetes clusters can and should be configured for greater security, but when left unsecured, these clusters can be accessed anonymously by anyone who knows their IPs, ports and APIs. Researchers identified 2,100 ...
- Ransomware’s perfect target: Why shipping and logistics industry needs to improve cybersecurity, before it’s too late
April 23, 2021
Ransomware attacks against the shipping and logistics industry have tripled in the past year, as cyber criminals target the global supply chain in an effort to make money from ransom payments. Analysis by cybersecurity company BlueVoyant found that ransomware attacks are increasingly targeting shipping and logistics firms at a time when the global COVID-19 pandemic means ...
- Passwordstate password manager hacked in supply chain attack
April 23, 2021
Click Studios, the company behind the Passwordstate enterprise password manager, notified customers that attackers compromised the app’s update mechanism to deliver malware in a supply-chain attack after breaching its networks. Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide, as the company claims. Its customer list includes ...
- Ransomware is growing at an alarming rate, warns GCHQ chief
April 23, 2021
The scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cybersecurity to maximise profit, the director of GCHQ has warned. Organisations and their employees have been forced to adapt to different ways of working over the last year, with many now even more reliant on remote services ...
- New cryptomining malware builds an army of Windows, Linux bots
April 23, 2021
A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. First spotted by Alibaba Cloud (Aliyun) security researchers in February (who dubbed it Sysrv-hello) and active since December 2020, the botnet has also landed on the radars of researchers at ...