Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.
The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement. The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”
Read more…
Source: Microsoft
Related:
- A cyber-espionage group has been stealing files from the Venezuelan military
August 5, 2019
A cyber-espionage group known as “Machete” has been observed stealing sensitive files from the Venezuelan military, according to an ESET report published today. The group, known to have been active since 2010, has historically gone after a wide range of targets from all over the world. However, ESET said that starting with this year, Machete has ...
- Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
August 5, 2019
We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated JS file (JavaScript) that downloads Trickbot as its payload. This malware ...
- New Dragonblood vulnerabilities found in WiFi WPA3 standard
August 3, 2019
Earlier this year in April, two security researchers disclosed details about five vulnerabilities (collectively known as Dragonblood) in the WiFi Alliance’s recently launched WPA3 WiFi security and authentication standard. Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard. The two researchers — Mathy Vanhoef and Eyal Ronen — found these two new bugs in ...
- Nation-State APTs Target U.S. Utilities With Dangerous Malware
August 2, 2019
Researchers believe that nation-state actors are behind several spearphishing campaigns targeting U.S. utility companies with a newly-identified malware, which has the capabilities to view system data and reboot machines. Lure emails were sent to three U.S. utilities companies between July 19 and 25. They purported to be from a U.S.-based engineering licensing board, but actually contained ...
- GermanWiper ransomware hits Germany hard, destroys files, asks for ransom
August 2, 2019
For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn’t encrypt files but instead it rewrites their content with zeroes, permanently destroying users’ data. As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them ...
- Financial threats in H1 2019
July 31, 2019
Financial cyberthreats are malicious programs that attack users of online banking services, electronic money, cryptocurrency and other similar services, as well as threats aimed at gaining access to financial organizations and their infrastructure. Kaspersky experts regularly analyze the statistics that the company’s products anonymously send to the cloud infrastructure of the Kaspersky Security Network (KSN) ...