Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Android spyware strains linked to state-sponsored Confucius threat group
February 11, 2021
Two variants of Android spyware connected to pro-India, state-sponsored hacking campaigns have been discovered. On Tuesday, cybersecurity firm Lookout said that two malware strains, dubbed Hornbill and SunBird, have been linked to Confucius, an advanced persistent threat (APT) group thought to be state-sponsored and to have pro-India ties. First detected in 2013, Confucius has been linked to ...
- Avaddon ransomware fixes flaw allowing free decryption
February 11, 2021
The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. On Tuesday, Javier Yuste, a Ph.D. student at Rey Juan Carlos University, published a decryptor for the Avaddon Ransomware on his GitHub page ...
- Microsoft warns enterprises of new ‘dependency confusion’ attack technique
February 10, 2021
Microsoft has published a white paper on Tuesday about a new type of attack technique called a “dependency confusion” or a “substitution attack” that can be used to poison the app-building process inside corporate environments. The technique revolves around concepts like package managers, public and private package repositories, and build processes. Today, developers at small or large ...
- British cyber gang ‘stole large amounts from US sports and music stars after accessing their phones’
February 10, 2021
Eight Britons have been arrested for hacking into the phones of US celebrities to steal money and personal information – even posing as them online. Britain’s National Crime Agency (NCA) said sports stars, musicians and their families had been targeted by the scam in which criminals gain access to their victim’s phones or accounts. This allowed them ...
- BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
February 9, 2021
Highly malleable, highly sophisticated and over 10,000 bytes of machine code. This is what Unit 42 researchers were met with during code analysis of this “bear” of a file. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. Analysis by Trend ...
- Android Devices Hunted by LodaRAT Windows Malware
February 9, 2021
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both versions were seen in a recent campaign targeting Bangladesh, ...