Government-linked hackers from Russia targeted WhatsApp accounts of government officials worldwide by sending emails inviting them to join user groups on the messaging app.
This tactic by a hacking group called Star Blizzard is a new approach. The UK’s National Cyber Security Center (NCSC) has connected Star Blizzard to Russia’s FSB domestic spy agency, accusing them of trying to undermine trust in politics in the UK and similar countries.
According to Microsoft, victims would receive an email from an attacker posing as a US government official, instructing them to click on a QR code. This action would allow the attacker to access their WhatsApp account, connecting it to a linked device or WhatsApp web portal instead of a group.
Microsoft stated, “Threat actors gain access to messages within WhatsApp accounts and the ability to exfiltrate this data.”
The fake email invited recipients to join a WhatsApp group about supporting NGOs in Ukraine. Ministers and officials from various countries, especially those involved in Russia-related affairs, defense policy, and Ukraine support, were targeted.
In 2023, NCSC revealed that Star Blizzard had targeted British MPs, universities, and journalists to interfere with British politics. The group is likely affiliated with Russia’s FSB Center 18 unit.
Microsoft warned that despite the WhatsApp campaign ending in November, Star Blizzard continues to use spear phishing tactics to steal sensitive information.
Microsoft advised targeted sectors to be cautious with emails, especially those with external links. They recommend verifying email authenticity by contacting the sender through a known email address.
WhatsApp, owned by Meta, offers end-to-end encryption, ensuring message privacy between sender and recipient unless account access is compromised.
A WhatsApp spokesperson emphasized using official WhatsApp-supported services for account linking and caution when clicking links from trusted sources only.
Source: www.theguardian.com
