Russian Hackers Target WhatsApp Accounts, Microsoft


Microsoft warns that the WhatsApp accounts of US government officials are being targeted by a Russian hacking group

Microsoft has outlined a new attack vector being exploited by Russian state-linked hackers, known as “Star Blizzard” (also sometimes known as Seaborgium, Coldriver or Callisto Group).

In a blog post last week, the tech giant noted that in mid-November 2024, Microsoft Threat Intelligence had observed the “Russian threat actor sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.”

It said this is the first time it has identified a shift in Star Blizzard’s long-standing tactic of spear-phishing campaigns, which usually take the form of emails that appear to come from a trusted source.

WhatsApp attack vector

In December 2023, the UK’s National Cyber Security Centre (NCSC) linked Star Blizzard to Russia’s domestic spy agency, the FSB, and accused it of seeking to “undermine trust in politics in the UK and likeminded states”.

The FSB is of course the successor agency of the infamous (Soviet-era) KGB, and now it seems to be targeting WhatsApp accounts.

According to Microsoft’s blog post, victims receive an email from an attacker enticing the recipient to click on a QR code that gives the attacker access to their WhatsApp account.

“The initial email sent to targets contains a quick response (QR) code purporting to direct users to join a WhatsApp group on ‘the latest non-governmental initiatives aimed at supporting Ukraine NGOs,’” Microsoft warned.

“The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement,” Microsoft wrote.

The code, instead of giving access to a WhatsApp group, connects an account to a linked device or the WhatsApp Web portal.

“We assess the threat actor’s shift to compromising WhatsApp accounts is likely in response to the exposure of their TTPs by Microsoft Threat Intelligence and other organisations, including national cybersecurity agencies,” wrote Microsoft. “While this campaign appears to have wound down at the end of November, we are highlighting the new shift as a sign that the threat actor could be seeking to change its TTPs in order to evade detection.”

Microsoft Threat Intelligence recommends that all email users belonging to sectors that Star Blizzard typically targets always remain vigilant when dealing with email, especially emails containing links to external resources.

It said that, when in doubt, recipients should contact the person they think is sending the email, using a known and previously used email address, to verify that the email was indeed sent by them.

Russian threats

Last October, both Microsoft and Amazon warned of targeted attacks by a Russian-backed group impersonating staff of the two companies.

The group, tracked by Microsoft as Midnight Blizzard and by AWS as APT29, is known for carrying out hacks on organisations and individuals to gather intelligence on behalf of Russia’s Foreign Intelligence Service (SVR).

The group has been sending out “highly targeted spear-phishing emails” to individuals in government, academia, defence, non-governmental organisations, and other sectors since 22 October, Microsoft said in an advisory.

Earlier that same month, Microsoft, alongside US officials, disrupted a spear-phishing campaign being carried out by a unit of the Russian Federal Security Service (the FSB), or its criminal proxies.

In September 2024, the UK’s NCSC and nine international allies for the first time exposed the tactics and techniques used by Unit 29155 of Russia’s military intelligence, the GRU, to carry out cyber-operations against government and critical infrastructure organisations around the world.

The US alleges the seized domains were used by hackers belonging to, or criminal proxies working for, the “Callisto Group,” an operational unit within Center 18 of the Russian Federal Security Service (the FSB).


