Russian hacker group Star Blizzard launch spear phishing attack via WhatsApp

According to a blog post by Microsoft on January 16, the Russian hacker collective Star Blizzard initiated a spear phishing operation in November using the messaging app WhatsApp, signifying a shift in their usual strategies.

Phishing messages employ social engineering techniques to manipulate recipients, leveraging emotions to deceive targets into sharing sensitive information or clicking on harmful links.

According to Microsoft, Star Blizzard has extended invitations to current and former government officials, diplomats, defense researchers, as well as individuals and groups providing support to Ukraine in light of Russia's extensive military campaign, to join a WhatsApp group.

This marks the debut of the hacker group utilizing this tactic.

According to Microsoft, the transition to WhatsApp could be linked to effective cybersecurity measures that have uncovered Star Blizzard's tactics.

In the latest campaign, hackers from Star Blizzard pretended to be U.S. government officials in emails that urged recipients to join a WhatsApp group using a QR code. The group, posing as centered on 'current non-governmental efforts to aid Ukraine NGOs,' was created by the hackers.

The campaign aimed to access targets' WhatsApp accounts in order to extract their data.

Although the campaign appeared to lessen in late November 2024, Microsoft cautioned that the change in strategy demonstrates Star Blizzard's adaptability and determination to persist in spear phishing attacks to acquire sensitive data.

Russian hacker groups have been involved in multiple types of cyber warfare during the entire conflict, such as launching cyberattacks on Ukraine, targeting civilian infrastructure in Europe, and meddling in foreign election processes.