
    From Mike Powell@1:2320/105 to All on Saturday, January 18, 2025 10:36:00
    Russian criminal gang Star Blizzard found hitting WhatsApp accounts

    Date:
    Fri, 17 Jan 2025 14:27:00 +0000

    Description:
    Spear-phishing attack seems to be targeting Western high-profile targets, Microsoft warns.

    FULL STORY

    A Russian state-sponsored threat actor has been spotted engaging in a unique cyber-campaign aimed at supporting the country's war effort against Ukraine.

    Researchers from Microsoft Threat Intelligence revealed the Star Blizzard group was recently seen phishing for WhatsApp accounts belonging to diplomats, government officials, defense policy or international relations researchers, and others who, in any capacity, work on the Russia-Ukraine war.

    The campaign most likely started in mid-November 2024, with Microsoft warning all users to always remain vigilant when dealing with email, especially messages containing links to external resources.

    Exfiltrating WhatsApp data

    The attack starts with an email impersonating a US government official. The body of the email discusses the latest non-governmental initiatives aimed at supporting Ukraine NGOs, and provides a QR code for a private WhatsApp group talking about these matters.

    The QR code is invalid, the researchers said, speculating that this might have been deliberate, to get the victim to reach out and ask for a new code. The follow-up email then provides a Safe Links-wrapped t[.]ly shortened link that leads to a website with a separate QR code. This one, however, connects the WhatsApp account to a separate device, owned by the attackers.
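    The follow-up lure relies on a Safe Links wrapper hiding a t[.]ly shortener. As an added example (not from the article or from Microsoft), the script below unwraps the Safe Links `url` parameter to expose the real destination and flags links that resolve to a shortener host; the shortener list beyond t.ly and the sample email body are constructed assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

# Hosts treated as URL shorteners. t.ly is the one named in the article;
# the others are assumed common shorteners (constructed list, extend as needed).
SHORTENER_HOSTS = {"t.ly", "bit.ly", "tinyurl.com", "is.gd"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def unwrap_safelink(url: str) -> str:
    """Return the destination behind a Microsoft Safe Links wrapper.

    Safe Links rewrites outbound links to
    https://<region>.safelinks.protection.outlook.com/?url=<encoded>&...
    so the real destination is only visible after decoding the 'url'
    query parameter. Non-wrapped URLs are returned unchanged.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host == "safelinks.protection.outlook.com" or host.endswith(".safelinks.protection.outlook.com"):
        target = parse_qs(parsed.query).get("url")  # parse_qs percent-decodes the value
        if target:
            return target[0]
    return url

def classify_link(url: str) -> dict:
    """Describe one link: whether it was wrapped, where it really points, and whether that is a shortener."""
    destination = unwrap_safelink(url)
    host = (urlparse(destination).hostname or "").lower()
    return {
        "wrapped": destination != url,
        "destination": destination,
        "shortener": host in SHORTENER_HOSTS,
    }

def flag_shortened_links(body: str) -> list:
    """Return the classification of every link in body whose real destination is a shortener host."""
    return [c for c in (classify_link(u) for u in URL_RE.findall(body)) if c["shortener"]]

# Constructed sample email body (placeholder link, not the campaign's real one).
SAMPLE_BODY = (
    "Apologies, the previous QR code did not work. Please use this one instead:\n"
    "https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ft.ly%2FEXAMPLE&data=05%7C02\n"
    "Our public site: https://www.example.gov/initiatives\n"
)

if __name__ == "__main__":
    for hit in flag_shortened_links(SAMPLE_BODY):
        print(f"ALERT: Safe Links wrapper hides shortener destination {hit['destination']}")
```

A mail-gateway or SOC triage rule can apply the same unwrapping so that a shortener is judged by its true destination rather than by the trusted-looking wrapper domain.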

    "This means that if the target follows the instructions on this page, the threat actor can gain access to the messages in their WhatsApp account and have the capability to exfiltrate this data using existing browser plugins, which are designed for exporting WhatsApp messages from an account accessed via WhatsApp Web," Microsoft's researchers said in their write-up.

    The attack vector is relatively new, they added, speculating that Star Blizzard was forced to adapt after being thoroughly analyzed by the cybersecurity community: "This is the first time we have identified a shift in Star Blizzard's longstanding tactics, techniques, and procedures (TTPs) to leverage a new access vector," Redmond concluded.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-criminal-gang-star-blizzard-found-hitting-whatsapp-accounts

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)