Russian hackers working for the FSB attacked WhatsApp in an attempt to extract data about Ukraine

Criminals linked to the Federal Security Service of Russia sent phishing emails to specific targets, asking them to join WhatsApp groups to gather information about the work of non-governmental organizations providing aid to Ukraine.

According to a study by Microsoft, the phishing messages often appeared to come from a U.S. government official and included a QR code that supposedly provided details about initiatives aimed at supporting Ukraine. Microsoft did not report whether any of these attempts resulted in successful account breaches or data extraction by hackers.

According to Microsoft, these cyberattacks were linked to the hacker group Star Blizzard, which is likely sponsored by the Russian state.

In a statement, WhatsApp emphasized that it protects private conversations through end-to-end encryption but urged users to only click on links they receive from trusted sources. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated in December that the Star Blizzard group is "almost certainly" connected to the FSB of Russia.

CISA also noted that Star Blizzard specializes in researching potential targets on social media, identifying their professional contacts, and creating email accounts that impersonate trusted partners.

Microsoft's Threat Intelligence service also recorded that the Russian hacker group Midnight Blizzard is sending thousands of phishing emails targeting government and non-governmental organizations, IT service providers, academic circles, and the defense sector.

"As part of our continuous monitoring, analysis, and reporting on the threat landscape, we are sharing our information on Star Blizzard’s latest activity to raise awareness of this threat actor’s shift in tradecraft and to educate organizations on how to harden their attack surfaces against this and similar activity. We also directly notify customers who have been targeted or compromised, providing them with the necessary information to help secure their environments," the statement reads.
