Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- WastedLocker ransomware abuses Windows feature to evade detection
August 4, 2020
The WastedLocker ransomware is abusing a Windows memory management feature to evade detection by security software. Before we get to how WastedLocker is evading detection, it is necessary to understand how anti-ransomware solutions detect ransomware. Anti-ransomware solutions will monitor the operating system for file system calls traditionally used by ransomware when encrypting a file. Read more… Source: Bleeping Computer
- Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw
August 4, 2020
Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL (End of Life). The remote code execution vulnerability in question, which was disclosed June 15, allows network-adjacent ...
- UK: Russian hackers stole trade papers from Liam Fox email
August 3, 2020
Documents on UK-US trade talks, leaked ahead of the 2019 general election, were stolen from an email account belonging to Conservative MP Liam Fox, it has emerged. The papers were published online and used by Labour in the 2019 campaign to claim the NHS would be put at risk. The UK government has said Russians almost certainly ...
- CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor
August 3, 2020
Three agencies of the US government have published today a joint alert alerting US private entities about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers. The alert has been authored by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense’s Cyber Command (CyberCom), and ...
- GandCrab ransomware distributor arrested in Belarus
August 3, 2020
In a press release last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware. The man, whose name was not released, was arrested in Gomel, a small city in southeastern Belarus, at the intersection with the Russian and Ukraine border. Authorities said the man ...
- FBI sees surge in online shopping scams, FTC says most reports ever
August 3, 2020
The U.S. Federal Bureau of Investigation (FBI) today warned of an increased number of reports coming from victims of online shopping scams. The public service announcement, published on the agency’s Internet Crime Complaint Center (IC3), says that the scam victims report that they found the scammers’ websites either via direct searches on popular web search engines ...