Wednesday, March 12, 2025

Russian Spear-Phishing Campaign Targets WhatsApp Accounts


The Russian threat actor “Star Blizzard” has launched a spear-phishing campaign attempting to compromise WhatsApp accounts, according to researchers at Microsoft. The operation targets individuals who are involved in providing assistance to Ukraine.

“Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link,” Microsoft says.

“The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement.”

The spear-phishing emails contain a broken QR code designed to prompt the user to reply to the email requesting a working link.

“The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on ‘the latest non-governmental initiatives aimed at supporting Ukraine NGOs,’” the researchers write.

“This code, however, is intentionally broken and will not direct the user towards any valid domain; this is an effort to coax the target recipient into responding. When the recipient responds, Star Blizzard sends a second email containing a Safe Links-wrapped t[.]ly shortened link as the alternative link to join the WhatsApp group.”

If the user clicks this link, they’ll be taken to a working QR code designed to take over their WhatsApp account.

“When this link is followed, the target is redirected to a webpage asking them to scan a QR code to join the group,” the researchers write. “However, this QR code is actually used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal.

This means that if the target follows the instructions on this page, the threat actor can gain access to the messages in their WhatsApp account and have the capability to exfiltrate this data using existing browser plugins, which are designed for exporting WhatsApp messages from an account accessed via WhatsApp Web.”
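For mail triage, the second-stage email described above can be surfaced by unwrapping Safe Links URLs and checking whether the real destination is a URL shortener. The following is an added example, not code from Microsoft or from this article; it assumes the Safe Links wrapper carries the destination in its `url` query parameter, and the shortener list and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts treated as shorteners. t.ly is the one named in the report;
# extend the set with whatever your organisation considers a shortener.
SHORTENER_HOSTS = {"t.ly"}
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample body; the path "EXAMPLE" is a placeholder, not a real IoC.
SAMPLE_BODY = (
    "Sorry about the QR code, please use this link instead:\n"
    "https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Ft.ly%2FEXAMPLE&data=05%7C01&reserved=0\n"
    "Agenda: https://example.org/agenda.pdf\n"
)

def unwrap_safelinks(url, max_depth=3):
    """Return the destination hidden inside a Safe Links wrapper (or url itself)."""
    for _ in range(max_depth):  # bounded, in case a link is wrapped more than once
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host.endswith(SAFELINKS_SUFFIX):
            break
        inner = parse_qs(parts.query).get("url")
        if not inner:
            break
        url = inner[0]  # parse_qs has already percent-decoded the value
    return url

def flag_shortened_links(body):
    """List links in a message body whose final destination is a shortener."""
    findings = []
    for raw in URL_RE.findall(body):
        cleaned = raw.rstrip(".,;")  # drop trailing sentence punctuation
        dest = unwrap_safelinks(cleaned)
        host = (urlsplit(dest).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            findings.append(
                {"destination": dest, "host": host, "wrapped": dest != cleaned}
            )
    return findings

if __name__ == "__main__":
    for hit in flag_shortened_links(SAMPLE_BODY):
        print(hit)
```

A hit is a triage signal rather than a verdict: it tells the analyst that the wrapper hides a shortener, so the final landing page still has to be resolved in a sandbox.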

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Microsoft has the story.


