Date: 2025-01-17

Hackers linked to Russia have tried to attack the WhatsApp accounts of government ministers from around the world. As reported by Microsoft, the targets were invited by email to join conversations in the application.

The action has been attributed to Star Blizzard, a group that the United Kingdom’s National Cyber Security Center (NCSC) links to the FSB spy agency. In statements reported by ‘The Guardian’, it accused the group of “undermining trust in politics both in the United Kingdom and in like-minded states.”

Microsoft began observing the threats in November 2024. As it explained in a post on its website, this was the first time a change had been detected in the tactics used by the group.

In this new campaign, victims first receive an email that initiates contact with them. The sender appears to be a United States government official. Specifically, the group impersonates well-known figures to deceive its targets.

That message contains a QR code that purportedly leads to a page supporting Ukrainian NGOs. Because the code is broken and leads nowhere, the idea is for victims to reply to the email. They then receive a second email containing a malicious link.

If Star Blizzard achieves its objective, it gains access to the WhatsApp messages of those affected.

“If you want to link your WhatsApp account to another device you should only do so through services officially supported by the application. Not through third parties. They should only click on links from people they know and trust,” said a company spokesperson quoted by ‘The Guardian’.

The Russian hacker group’s main targets usually belong to or are connected with governments, diplomacy, defense, and international relations, although it has also targeted journalists and other actors such as NGOs.

According to a blog post by Microsoft, victims receive an email from an attacker impersonating a US government official, enticing the recipient to click on a QR code that gives the attacker access to their WhatsApp account. Instead of giving access to a WhatsApp group, the code connects the account to a linked device or the WhatsApp Web portal.

“The threat actor can gain access to the messages in their WhatsApp account and have the capability to exfiltrate this data,” Microsoft said.

Microsoft did not state whether data had been successfully stolen from targeted WhatsApp accounts.

It said the fake email was an invitation to join a WhatsApp group on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.” As well as targeting ministers and officials in unnamed countries, the campaign has attempted to snare people involved in diplomacy, defense policy and international relations research related to Russia, as well as work related to helping Ukraine in its war with Russia.

In 2023, the NCSC said Star Blizzard had targeted British MPs, universities and journalists among others, in efforts to “interfere with UK politics and democracy.” It described Star Blizzard as being “almost certainly subordinate” to the FSB’s Center 18 unit. As part of the 2023 announcement, the UK imposed sanctions on two Star Blizzard members including an officer in the FSB.

Microsoft said the WhatsApp campaign appeared to have been wound down in November but the shift in tactics by Star Blizzard underlined the unit’s tenacity in using spear phishing – the term for targeting specific individuals or groups with malicious emails – to try to access sensitive information. The increasingly popular practice of using QR codes by cybercriminals is called “quishing” among the cybersecurity community.