Microsoft’s Threat Intelligence teams have uncovered and exposed a spear phishing campaign targeting WhatsApp accounts, attributed to the Russian-linked hacker group Star Blizzard. The campaign began in October 2023 and continued through August 2024.
Following extensive analysis, Microsoft’s experts revealed that the campaign primarily targeted journalists, politicians, think tanks, and NGO leaders. These individuals’ data was collected and transmitted to remote servers, according to the company’s findings.
Star Blizzard’s method was straightforward: they initially sent a link to WhatsApp users that appeared to be from a well-known U.S.-based organization, such as a government agency, NGO, or public utility. Once a user engaged with the link, they were subsequently sent an email containing a malicious web link. This was the beginning of the covert operation to gather sensitive information from the victims without their awareness.
The U.S. Department of Justice, in collaboration with the FBI, has identified and taken action against those responsible for the campaign. They seized the perpetrators’ IT infrastructure and gathered substantial evidence. However, the threat remains persistent as the attackers continue to find new ways to carry on their cybercriminal activities.
It’s worth noting that this tactic mirrors previous incidents, such as the spread of Pegasus spyware by the NSO Group. Originally developed for government use to monitor terrorists and criminals, Pegasus made its way to the dark web and was eventually used to infiltrate the device of Amazon founder Jeff Bezos via WhatsApp, leading to a high-profile personal scandal.
Similarly, Star Blizzard appears to be carrying out surveillance on behalf of the Kremlin, conducting spear phishing campaigns to gather intelligence for political or strategic purposes.
Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group “Information Security Community”!