Researchers have blamed the Russian-linked group Star Blizzard for phishing email operations targeting government ministers, officials, and diplomats around the globe. The attacks use malware that helps take control of targeted WhatsApp accounts through QR codes.
This mode of attack differs from other hacks and points to a persistent but evolving cyber-attack threat from hackers who enjoy state support.
Fake Email Invitation on WhatsApp
As Microsoft details in its blog, Star Blizzard hackers used phishing emails disguised as official invitations to join WhatsApp groups. These emails contained QR codes claiming to offer access to exclusive groups related to non-governmental initiatives supporting Ukraine. Instead, the QR codes granted the hackers access to victims' WhatsApp accounts by linking them to unauthorized devices or web portals.
Known in cybersecurity circles as "quishing", this method takes advantage of the increasing adoption of QR codes in digital transactions. Although it has not been proven whether the campaign succeeded in stealing sensitive information, its targets included diplomatic personnel, defense policymakers, and Russia-Ukraine researchers.
UK Uncovers Star Blizzard's Connection
The UK's National Cyber Security Centre (NCSC) links Star Blizzard with Russia's Federal Security Service (FSB), more precisely with its Centre 18 unit. Star Blizzard hacked into the accounts of British MPs, universities, and journalists in 2023. This was an attack on Britain's political processes and on democratic trust. The UK sanctioned two Star Blizzard members: both an FSB officer, The Guardian reports.
Spear Phishing on the Rise
The WhatsApp campaign was reportedly wound down in November. It forms part of a larger trend known as spear phishing, which targets specific individuals or groups with highly tailored emails to gain access to sensitive information.
Cybersecurity experts warn that these sophisticated attacks demonstrate an alarming level of persistence and adaptability by state-linked hacking units.
How Microsoft and WhatsApp Respond to the Incident
Microsoft warned users in targeted sectors to be alert and to scrutinize their emails. It cautioned users to verify emails, especially those containing links or QR codes, before clicking on them, and to verify the sender's identity through known contact details.
According to WhatsApp, which is owned by Meta, users should link accounts only through officially supported services.
"Only click on links from people you know and trust," a spokesperson said, adding that users should remain cautious when handling QR codes in emails.
The Rise of Quishing in Cybersecurity
This attack shows the growing use of QR codes in phishing schemes. "Quishing" lets hackers evade traditional phishing defenses, so strict security measures are needed at both the organizational and the individual level.
How to Stay Safe from Advanced Threats
To counter threats like those posed by Star Blizzard's campaign, experts advise the following:
- Verify that an email is legitimate by contacting the sender through a previously verified means of communication.
- Use only official apps or services to link accounts or perform sensitive actions.
- Enhance account security by using multi-factor authentication (MFA) whenever possible.
- Keep up with training and updates on current cybersecurity threats, which may help reduce risk in professional and personal environments.