Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Digital Education: The cyberrisks of the online classroom
September 4, 2020
This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after schools began to transition to emergency remote learning, it ...
- CISA and FBI say they have not seen cyber-attacks this year on voter registration databases
September 2, 2020
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation said today that they have not seen any cyber-attacks target US voter registration databases and voting systems this year. The two agencies issued a joint statement today after an article in Russian media had gone viral earlier this morning. The article, published by Russian news ...
- A Blind Spot in ICS Security: The Protocol Gateway [Part 1] – Importance of the Protocol Gateway
September 1, 2020
A protocol gateway is a small network device, also called a “protocol converter” or “IoT gateway.” It is similar to an “interpreter” in the digital word, and acts as a communications intermediary between different protocols. As the integration of networks accelerates with IoT, protocol conversion grows increasingly important. However, the security of protocol gateways has ...
- Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
September 1, 2020
Users on the internet rely on domain names to find brands, services, professionals and personal websites. Cybercriminals take advantage of the essential role that domain names play on the internet by registering names that appear related to existing domains or brands, with the intent of profiting from user mistakes. This is known as cybersquatting. The ...
- Commodified Cybercrime Infrastructure – Exploring the Underground Services Market for Cybercriminals
September 1, 2020
Beyond standard underground offerings such as malware and exploit kits, cybercriminals also value having a stable hosting infrastructure that underpins all their activities. Such an infrastructure could host malicious content and the necessary components for controlling their operations (e.g., bulletproof hosting that run backend hacker infrastructure or a rented botnet of compromised machines). In many respects, ...
- New Bait Used in Instagram Profile Hacking Scheme
August 28, 2020
Last year, we observed attacks launched to steal high-profile Instagram accounts. Now, attacks of a similar nature are on the rise again, this time using new lures to achieve the same goal. Both strikes involve a group of Turkish-speaking hackers who seized Instagram accounts through credential phishing emails posing as legitimate messages from Instagram. The group ...