WhatsApp accounts have been targeted by Russian hacking operation Star Blizzard, also known as ColdRiver, Calisto, BlueCharlie, TA446, and UNC4057, in a new spear-phishing attack campaign that ended in November, which may have been aimed at facilitating more covert compromise, The Hacker News reports.
Malicious emails under the guise of a U.S. government official sought to lure individuals in the government and diplomacy sectors into joining a WhatsApp group on non-governmental initiatives for Ukraine NGOs through a shortened link that redirected to a webpage prompting them to scan a QR code, a report from the Microsoft Threat Intelligence Team showed. Because WhatsApp uses such a QR code to link accounts with devices, Star Blizzard has gained unauthorized message access and data exfiltration capabilities. Such an attack campaign, which comes after a joint Microsoft and Justice Department crackdown on the group's domains, "marks a break in long-standing Star Blizzard TTPs and highlights the threat actor's tenacity in continuing spear-phishing campaigns to gain access to sensitive information even in the face of repeated degradations of its operations," said Microsoft.