Russian Hacking Group 'Star Blizzard' Back in Action: Why You Should Be Worried
New Star Blizzard is probably changing avenues to evade detection as its Tactics, Techniques, and Procedures (TTPs) remain exposed.

By Kumar Harshit

on January 17, 2025

Russia’s Star Blizzard group is sending its usual targets spear-phishing messages, this time offering a supposed opportunity to join a WhatsApp group by scanning a QR code, followed by a link that completes the phishing attack. The campaign was exposed by Microsoft Threat Intelligence, which noted a shift in Star Blizzard’s approach: the group is now using a new access vector to get past a user’s defenses and gain access to their device.

The attackers are focusing on government officials and diplomats (both current and former position holders), researchers in defense policy or international relations whose work touches on Russia, and people providing assistance to Ukraine in relation to the war with Russia. This comes as QR codes and WhatsApp communication become a routine part of daily life, opening yet another avenue for exploitation.

Star Blizzard Targeting WhatsApp: Reasons 

According to Microsoft’s blog post, the shift to compromising WhatsApp accounts is likely a response to the exposure of Star Blizzard’s TTPs by Microsoft Threat Intelligence and other organizations, including cybersecurity agencies in the US. The threat actor is probably changing its approach to evade detection by those agencies and bodies.

New Star Blizzard: Are You in The Targets? 

Star Blizzard typically targets the following:

  • Government or diplomacy (incumbent and former position holders)
  • Research into defense policy or international relations when related to Russia
  • Assistance to Ukraine related to the ongoing conflict with Russia

These are also believed to be the main targets of the recent attack. While the first two categories narrow the field of targets, the third widens it to a global audience, the general public included.

New Star Blizzard TTP: How Can It Impact You?

This can affect the general public in several ways. One is what happens when other threat actors adopt the same technique and begin luring ordinary people into joining their groups, whether under the pretext of helping people or of offering investment tips.

Star Blizzard’s TTP involves first presenting a malicious Quick Response (QR) code and then a link to join the WhatsApp group. This increases the chances of people falling prey to the lure, both now and in the future, as QR-based payments and access become more common among the public.


How Can You Keep Yourself Safe?

To safeguard yourself against the evolving tactics employed by threat actors like Star Blizzard, exercise extreme caution when encountering QR codes or joining WhatsApp groups. Thoroughly scrutinize the source and authenticity of any links presented. Verify the credibility of the organization or individual disseminating the information through independent research or by cross-referencing with reliable sources. Maintain a healthy dose of skepticism and avoid impulsive decisions that could inadvertently compromise your digital security.