

Russian Star Blizzard targets WhatsApp Accounts in new Spear-Phishing Campaign.

The cat-and-mouse game between state-sponsored Russian threat actor groups and one of the world’s biggest technology companies has continued into 2025.

https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/

#whatsapp #phishing #campaign #it #security #privacy #engineer #media #tech #news

The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims’ WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection.

"The targets primarily belong to the government and diplomacy sectors, including both current and former officials," said Sherrod DeGrippo, director of threat intelligence strategy at Microsoft. "Additionally, the targets encompass individuals involved in defense policy, researchers in international relations focusing on Russia, and those providing assistance to Ukraine in relation to the war with Russia."

It all starts with a spear-phishing email that purports to come from a U.S. government official, lending it a veneer of legitimacy and increasing the likelihood that the victim engages with the sender.

The message contains a quick response (QR) code that urges the recipient to join a supposed WhatsApp group on "the latest non-governmental initiatives aimed at supporting Ukraine NGOs." The code is deliberately broken so as to prompt a reply from the victim.

Should the email recipient reply, Star Blizzard sends a second message, asking them to click on a t[.]ly shortened link to join the WhatsApp group, while apologizing for the inconvenience caused. "When this link is followed, the target is redirected to a web page asking them to scan a QR code to join the group," Microsoft explained. "However, this QR code is actually used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal."

<https://faq.whatsapp.com/1317564962315842/?cms_platform=web>

Should the target follow the instructions on the site ("aerofluidthermo[.]org"), scanning that code enrolls the attacker-controlled session as a linked device on the victim's own account, giving the threat actor unauthorized access to their WhatsApp messages and letting them exfiltrate the data via browser add-ons.
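The practical check the chain above hinges on: the only legitimate artefact for joining a WhatsApp group is an invite link on chat.whatsapp.com, and a device-linking QR code is never needed for that. The following triage helper is an added example (not code from Microsoft, WhatsApp or the original post) that classifies each hop of a "join our group" lure; the shortener list, the function names and all sample payloads are constructed for illustration and are not real indicators.

```python
"""Triage a 'join our WhatsApp group' lure hop by hop.

Added example, not from the page or the vendors it cites. The rule it encodes:
a real WhatsApp group invite is https://chat.whatsapp.com/<code>. A shortener,
an unrelated domain, or a non-URL blob presented as a "group QR" is exactly
what the described campaign relies on, so each is reported as its own finding.
"""
from urllib.parse import urlparse

WHATSAPP_INVITE_HOST = "chat.whatsapp.com"

# Constructed, deliberately short shortener list; a real deployment would use a
# maintained feed. t.ly is the shortener named in the campaign reporting above.
URL_SHORTENERS = {"t.ly", "bit.ly", "tinyurl.com", "is.gd", "cutt.ly"}


def refang(text: str) -> str:
    """Undo the common defanging seen in reports and QR-to-text dumps."""
    return text.strip().replace("[.]", ".").replace("hxxp", "http")


def classify_join_payload(payload: str) -> str:
    """Return one of:
    'whatsapp_group_invite' - https://chat.whatsapp.com/<code>, the expected form
    'url_shortener'         - an intermediate hop; expand it and classify the target
    'other_url'             - a URL that is not a WhatsApp group invite
    'non_url_payload'       - opaque data, e.g. what a device-linking QR carries;
                              never scan this from a web page to "join a group"
    """
    parsed = urlparse(refang(payload))
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return "non_url_payload"
    if host in URL_SHORTENERS:
        return "url_shortener"
    if host == WHATSAPP_INVITE_HOST:
        code = parsed.path.strip("/")
        # An invite is a single opaque alphanumeric path segment, nothing else.
        if code and "/" not in code and code.isalnum() and not parsed.query:
            return "whatsapp_group_invite"
    return "other_url"


def assess_chain(payloads):
    """Classify every hop in order; the lure is benign only if the artefact the
    victim is finally asked to act on is an actual group invite link."""
    labels = [classify_join_payload(p) for p in payloads]
    verdict = "benign" if labels and labels[-1] == "whatsapp_group_invite" else "suspicious"
    return labels, verdict


# Constructed sample chain mirroring the reported sequence (not real indicators):
SAMPLE_CHAIN = [
    "https://t[.]ly/abc123",                         # hop 1: shortened link in the follow-up mail
    "hxxps://aerofluidthermo[.]org/join",            # hop 2: lure page hosting the QR code
    "opaque-device-linking-token,second-part==",     # hop 3: stand-in for a non-URL QR payload
]

if __name__ == "__main__":
    labels, verdict = assess_chain(SAMPLE_CHAIN)
    for hop, label in zip(SAMPLE_CHAIN, labels):
        print(f"{label:22} {hop}")
    print("verdict:", verdict)
```

The script cannot expand the shortener offline; in practice resolve that hop in a sandbox and feed the final URL back through `classify_join_payload`. The decisive user-facing rule is simpler still: WhatsApp's own "Linked devices" screen is the only place a device-linking QR code should ever be scanned, and no group ever requires one.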