
New Star Blizzard WhatsApp spear phishing campaign

Microsoft Threat Intelligence have uncovered a new spear phishing campaign being carried out by the Russian-affiliated cyber espionage group Star Blizzard. This campaign is believed to have started around mid-November 2024, with the main objective of compromising the WhatsApp accounts of high-profile government and international policy targets and then exfiltrating the messages to gather intelligence.


Microsoft highlighted that this shift in tactics is likely due to the recent takedown of multiple domains used by Star Blizzard, which Microsoft carried out in collaboration with the US government. Star Blizzard have gained notoriety for targeting previous government officials both in the US and the UK with multiple campaigns in past years.

First, an attacker will reach out inviting the target, via a QR code, to join a WhatsApp group for "the latest non-governmental initiatives aimed at supporting Ukraine NGOs." This QR code is actually broken and is designed to socially engineer the victim into responding and inquiring about obtaining a new QR code. The attacker will then send a new QR code, claiming that it will allow the victim to join the group. However, this new QR code is actually a code used by WhatsApp to link devices to the WhatsApp web portal, and it will allow the attacker to view and exfiltrate the victim's messages using pre-existing plugins.


Microsoft have warned that this quick adoption of new strategies proves that Star Blizzard can quickly evolve and adapt to interference by law enforcement, and that those working within government and intelligence fields should be careful when dealing with links and emails originating from outside of their organisation.


The National Cyber Security Centre have published further information about phishing and QR codes with tips on how to identify these types of phishing attack: QR Codes - what's the real risk? - NCSC.GOV.UK 
