Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- TrickBot malware now checks screen resolution to evade analysis
July 1, 2020
The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools. Due to this, malware commonly uses anti-VM techniques to detect whether the malware is ...
- US Govt shares tips on defending against cyberattacks via Tor
July 1, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks launched from the activity originating from or routed through the Tor anonymity network. Tor is a software enabling internet anonymity by automatically encrypt and reroute a user’s web requests through a network of Tor nodes (relay layers). Tor’s infrastructure is also used ...
- New Android Spyware Tools Emerge in Widespread Surveillance Campaign
July 1, 2020
Researchers have uncovered a surveillance campaign, dating back to at least 2013, which has used a slew of Android surveillanceware tools to spy on the Uyghur ethnic minority group. The campaign uses three never-before-seen Android surveillanceware tools, dubbed SilkBean, GoldenEagle and CarbonSteal, and one previously disclosed tool, DoubleAgent. The purpose of these tools is to gather and ...
- ThiefQuest ransomware is a file-stealing Mac wiper in disguise
June 30, 2020
A new data wiper and info-stealer called ThiefQuest is using ransomware as a decoy to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. While not common, ransomware has been known to target the macOS platform in the past, with KeRanger, FileCoder (aka Findzip), and Patcher being three other examples of malware ...
- StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
June 30, 2020
he APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group (a.k.a. Promethium) is operating a series of bogus websites purporting to offer a ...
- CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
June 30, 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...