
From emails to encrypted chats, the Russian hacker group Star Blizzard is evolving. Their latest phishing campaign weaponizes QR codes on WhatsApp, signaling a new era of cyber warfare.
Picture this – a public official receives an email from “American government officials” containing a QR code that purports to support Ukrainian NGOs.
This intentionally broken QR code doesn’t send the recipient to any valid domain; it is designed to entice the recipient to reply to the threat actors.
The recipient is hooked twice over: first by the cause, and second by the technical hitch, which gives them a reason to write back.
Once the recipient responds, Star Blizzard sends a further email containing a second link, meant to direct them to the promised WhatsApp group.
From there, the victim is directed to a new QR code that, if scanned, gives the threat actors access to the messages in the victim’s account, which Star Blizzard can then exfiltrate.
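As an added illustration (not code from the original article), the following Python snippet triages QR payloads after they have been decoded from images in inbound email: a payload that does not resolve to a valid web host (the deliberately broken lure described above) or that points at a messaging-app invite is flagged for analyst review. The sample payloads and the messaging host list are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed sample payloads, as they might be decoded from QR images in inbound mail.
SAMPLE_PAYLOADS = [
    "https://chat.whatsapp.com/ExampleInviteCode",  # group invite link
    "https://example.org/support-ngos",             # ordinary web link
    "JOIN-GROUP-8F3A",                              # no URL at all: a deliberately broken lure
    "https:///",                                    # scheme present, host missing
    "http://localhost-notadomain",                  # host without a dot, not a public domain
]

# Assumed list of messaging-app hosts worth a second look in a QR lure.
MESSAGING_HOSTS = {"chat.whatsapp.com", "wa.me", "whatsapp.com"}


def classify_qr_payload(payload: str) -> str:
    """Return 'invalid', 'messaging_invite', or 'url' for one decoded QR payload."""
    parsed = urlparse(payload.strip())
    host = (parsed.hostname or "").lower()
    # A lure that "doesn't send the recipient to any valid domain" lands here.
    if parsed.scheme not in ("http", "https") or "." not in host:
        return "invalid"
    if host in MESSAGING_HOSTS or host.endswith(".whatsapp.com"):
        return "messaging_invite"
    return "url"


def triage(payloads):
    """Map each decoded payload to its category."""
    return {p: classify_qr_payload(p) for p in payloads}


def needs_review(payloads):
    """Payloads an analyst should look at: broken codes and messaging invites."""
    return [p for p, cat in triage(payloads).items() if cat != "url"]


if __name__ == "__main__":
    for payload, category in triage(SAMPLE_PAYLOADS).items():
        print(f"{category:17} {payload}")
```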
This is a new scheme devised by Star Blizzard, a Russian hacking group that has been in operation since 2017 and has repeatedly targeted Western think tanks, journalists, and former military and intelligence officials.
This QR code scam actually subsided in November 2024, but the shift away from their typical modus operandi, which involved communicating via emails and social media, could forecast a more direct approach on WhatsApp.
According to Microsoft, this group is especially versatile and tenacious in obtaining sensitive and confidential information by any means necessary.
These attacks, initiated via an open-source platform and social media, have particularly affected targets in the UK and US.
By impersonating respected experts, their elaborate campaigns have had high levels of plausibility.
Star Blizzard has previously preferred to build up rapport over an exchange of emails, and once trust was established, a link would be sent to a document or website of interest.
That link would be routed through the hackers’ server, where the victim was prompted to enter their account credentials.
From then on, anything the attackers wanted from the user’s inbox was within reach.
These spear phishing campaigns are only the tip of the iceberg, however, as cyber warfare has run rampant during the invasion of Ukraine, sabotaging and crippling civilian infrastructure as well as manipulating and contaminating foreign elections.