Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- Easyjet hacked: 9 million people’s data accessed plus 2,200 credit card details grabbed
May 17, 2020
Budget British airline Easyjet has been hacked, it has told the stock markets, admitting nine million people’s details were accessed and more than 2,000 customers’ credit card details stolen. Some information about the attack was released to the London Stock Exchange by the company, which claimed it had been targeted by “a highly sophisticated source”. Email addresses and “travel ...
- Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways
May 14, 2020
As part of Unit 42’s efforts to proactively monitor threats circulating in the wild, I recently came across new Hoaxcalls and Mirai botnet campaigns targeting a post-authentication Remote Code Execution vulnerability in Symantec Secure Web Gateway 5.0.2.8, which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019. There is no ...
- COMpfun authors spoof visa application with HTTP status-based Trojan
May 14, 2020
You may remember that in autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. If you’re wondering whether the actor behind the malware is still developing new features, the answer is yes. Later in November 2019 our Attribution Engine revealed a new Trojan with ...
- QNodeService: Node.js Trojan Spread via Covid-19 Lure
May 14, 2020
We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan ...
- COVID-19 blamed for 238% surge in cyberattacks against banks
May 14, 2020
The coronavirus pandemic has been connected to a 238% surge in cyberattacks against banks, new research claims. On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyberattack attempts between February and April this year — the same months in which COVID-19 began to spread ...
- This powerful Android malware stayed hidden for years, infecting tens of thousands of smartphones
May 14, 2020
A carefully managed hacking and espionage campaign is infecting smartphones with a potent form of Android malware, providing those behind it with total control of the device, while also remaining completely hidden from the user. Mandrake spyware abuses legitimate Android functions to help gain access to everything on the compromised device in attacks that can gather ...