The Russian hacker group Star Blizzard launched a spear phishing campaign in November via the messaging platform WhatsApp, marking a change in longstanding tactics, Microsoft reported in a blog post on Jan. 16.
Phishing messages use social engineering tactics to manipulate recipients, exploiting emotions to trick targets into revealing sensitive information or clicking malicious links.
Star Blizzard sent invitations to join a WhatsApp group to current and former officials in government and diplomacy, international relations and defense researchers, and people and organizations offering assistance to Ukraine amid Russia's full-scale war, according to Microsoft.
This is the first time the hacker group has been observed using this tactic.
The shift to WhatsApp may be related to successful cybersecurity efforts exposing Star Blizzard's techniques, Microsoft said.
In the most recent campaign, Star Blizzard hackers impersonated U.S. government officials in emails directing recipients to join a WhatsApp group via QR code. The WhatsApp group claimed to focus on "the latest non-governmental initiatives aimed at supporting Ukraine NGOs."
The purpose of the campaign was to gain access to targets' WhatsApp accounts and extract their data.
While the campaign seemed to subside in late November 2024, Microsoft warned that the shift in tactics signals Star Blizzard's versatility and "tenacity in continuing spear phishing campaigns to gain access to sensitive information."
Russian hacker groups have engaged in various forms of cyber warfare throughout the full-scale war, including cyberattacks against Ukraine, hacks of civilian infrastructure in Europe, and interference in foreign elections.
Daria Shulzhenko
