Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- September Patch Tuesday Updates Exchange, SharePoint
September 9, 2020
This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities. Of the total number, 23 have been rated Critical and 105 as Important. No zero days have been observed, but four vulnerabilities are under close scrutiny for their potential abuse. Specifically, CVE-2020-16875 can be exploited for remote code execution ...
- City of Hartford postpones first day of school after ransomware attack
September 8, 2020
Officials from the city of Hartford, Connecticut, were forced to postpone the first day of the new school calendar year after a ransomware infection impacted the city’s IT network. According to a statement published by Hartford Public Schools, the school district serving the city of Hartford, the ransomware attack impacted several of the school’s internal IT ...
- Netwalker ransomware hits Pakistan’s largest private power utility
September 8, 2020
K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Starting yesterday, K-Electric customers have been unable to access the online services for their account. To resolve this ...
- Newcastle University students’ data held to ransom by cyber criminals
September 8, 2020
Newcastle University is being held to ransom by cyber criminals in an attack which has been disrupting IT systems since the beginning of the month. The cyber crime group behind the attack – known as DoppelPaymer – previously leaked documents online relating to Elon Musk’s companies SpaceX and Tesla. The criminals have posted stolen files from the ...
- Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
September 8, 2020
Malicious actors continue to target environments running Docker containers. We recently encountered an attack that drops both a malicious cryptocurrency miner and a distributed denial-of-service (DDoS) bot on a Docker container built using Alpine Linux as its base image. A similar attack was also reported by Trend Micro in May; in that previous attack, threat ...
- Chilean bank shuts down all branches following ransomware attack
September 7, 2020
BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend. “Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday. Details about the attack have not been ...