Security News: Star Blizzard hackers abuse WhatsApp to target high-value diplomats

Gandalf_The_Grey

Thread author
Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations.

According to a Microsoft Threat Intelligence report, the campaign was observed in mid-November 2024 and represents a tactical shift for Star Blizzard as a response to the recent exposure of the threat actor's tactics, techniques, and procedures.

Star Blizzard starts the attack by impersonating a U.S. government official in email messages to the target. The lure is an invitation to join a WhatsApp group related to non-governmental initiatives supporting Ukraine.

The email contains a purposefully broken QR code, in an attempt to force a reply from the recipient requesting an alternative link.

If the victim responds, Star Blizzard sends another email with a ‘t.ly’ short link, which directs them to a fake webpage that mimics a legitimate WhatsApp invitation page with a new QR code.

However, the new QR code does not join a group at all: it links a new device, the attacker's, to the victim's WhatsApp account.

As the attack relies solely on social engineering and there is no malware involved for antivirus tools to detect, users should be wary of unsolicited communications and exercise extra caution when receiving invitations to join groups.

It is also a good idea to check the devices linked to your WhatsApp account. This can be done from the "Linked devices" option in the app on the mobile device (iPhone or Android); log out any device you don't recognize.
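The lure chain described in the post (a broken QR code to bait a reply, then a t.ly short link to a page serving a device-linking QR code) can be triaged at a mail gateway once the QR images have been decoded. The following is an added example written for this thread, not code from the post, from Microsoft, or from BleepingComputer. It assumes an upstream step has already decoded each QR image (None meaning undecodable), that genuine WhatsApp group invites are chat.whatsapp.com links, and that the shortener list, the sender heuristic and the sample messages are constructed for illustration; the non-URL sample payload is a placeholder and not the real WhatsApp device-linking format.

```python
# Added example: mail-gateway triage for QR codes found in inbound email.
# Assumptions (not from the post): QR images are decoded upstream (None =
# undecodable); the shortener list and sample messages are constructed.
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

WHATSAPP_INVITE_HOST = "chat.whatsapp.com"          # host used by group invite links
URL_SHORTENERS = {"t.ly", "bit.ly", "tinyurl.com"}  # assumption: small sample denylist


@dataclass
class Finding:
    severity: str   # "info" or "suspicious"
    reason: str


def triage_qr_payload(payload: Optional[str]) -> Finding:
    """Classify one decoded QR payload taken from an email."""
    if payload is None:
        # The first lure carries a deliberately broken QR code to bait a
        # "please resend" reply, so an undecodable image is itself a signal.
        return Finding("suspicious", "QR image present but undecodable")
    text = payload.strip()
    parsed = urlparse(text)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        # A real group invite is a web link. A device-linking QR is not, so an
        # opaque, non-URL payload delivered by email should never be scanned.
        return Finding("suspicious", "non-URL QR payload (possible device-linking code)")
    host = parsed.hostname.lower()
    if host == WHATSAPP_INVITE_HOST and len(parsed.path) > 1:
        return Finding("info", "standard WhatsApp group invite link")
    if host in URL_SHORTENERS:
        return Finding("suspicious", f"redirector {host} hides the real destination")
    return Finding("suspicious", f"QR links to {host}, not a WhatsApp invite host")


def assess_message(sender_display: str, sender_addr: str,
                   qr_payloads: List[Optional[str]]) -> List[Finding]:
    """Combine a sender check with the QR checks; an empty list means nothing odd."""
    findings: List[Finding] = []
    domain = sender_addr.rsplit("@", 1)[-1].lower()
    # The lure impersonates a U.S. government official: flag an official-sounding
    # display name whose actual sending domain is not under .gov (heuristic).
    if "u.s." in sender_display.lower() and not domain.endswith(".gov"):
        findings.append(Finding(
            "suspicious",
            f"display name claims a U.S. government role but sender domain is {domain}"))
    for payload in qr_payloads:
        finding = triage_qr_payload(payload)
        if finding.severity != "info":
            findings.append(finding)
    return findings


# Constructed sample messages mirroring the two lure emails plus a benign invite.
SAMPLE_MESSAGES = [
    {"display": "U.S. Department of State", "addr": "official@example.org",
     "qr": [None]},                                      # broken QR, fishing for a reply
    {"display": "U.S. Department of State", "addr": "official@example.org",
     "qr": ["https://t.ly/xxxx"]},                       # short link to the fake invite page
    {"display": "Colleague", "addr": "colleague@example.com",
     "qr": ["https://chat.whatsapp.com/AbCdEfGh123"]},   # ordinary group invite
]


def scan_samples() -> List[List[Finding]]:
    """Run assess_message over the constructed samples, in order."""
    return [assess_message(m["display"], m["addr"], m["qr"]) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for message, findings in zip(SAMPLE_MESSAGES, scan_samples()):
        verdict = "SUSPICIOUS" if findings else "ok"
        print(f"{message['addr']}: {verdict}")
        for f in findings:
            print(f"  - {f.reason}")
```

The point of the split between `triage_qr_payload` and `assess_message` is that the QR verdict alone is enough to quarantine the second lure (a redirector, not a chat.whatsapp.com link), while the first lure only becomes suspicious when the undecodable QR is combined with the spoofed sender.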

Vitali Ortzi

Pretty intelligent, and since you don't type the details in a form, many AI technologies like Zero Phishing wouldn't work, and you will have to hope AI categorization finds it as malicious.

Oh, and since the QR code uses WhatsApp on the phone and not any login details on the PC, it should bypass DLP technologies too.

About browser isolation: since it's a QR code, it will bypass that as well.
So simple yet effective phishing campaign.
