Russian hackers linked to the country’s FSB have recently set their sights on the WhatsApp accounts of government ministers and officials around the world. The group, known as Star Blizzard, is using a new tactic to gain access to sensitive information, as per a report by The Guardian.
Victims receive emails that appear to be from a US government official, inviting them to join a WhatsApp group, as per a Microsoft blogspot. However, instead of adding them to a group, the QR code in the email links the recipient’s WhatsApp account to a device, giving the hackers access to personal messages. This marks a shift in the group’s usual methods, which have often involved more traditional hacking strategies.
The UK’s National Cyber Security Centre (NCSC) has linked Star Blizzard to efforts aimed at disrupting political processes in the UK and other countries. Microsoft, which uncovered the campaign, described it as a sophisticated phishing attack targeting people involved in diplomacy, defense policy, and Ukraine-related matters. The attack raises concerns over the growing tactics of state-backed cybercriminals and the evolving threats to international security.
How the WhatsApp phishing attack works
The attack begins with an email disguised as an official invitation from a US government official, offering access to a WhatsApp group focused on supporting Ukraine’s non-governmental organizations. Instead of adding the recipient to the group, the QR code within the email connects the victim’s WhatsApp account to a hacker’s device or WhatsApp Web. This gives the attackers the ability to read messages and potentially steal data. While Microsoft hasn’t confirmed whether data was successfully stolen, the risk of personal information being accessed is significant.
This approach highlights a new level of sophistication in the way hackers are targeting high-profile individuals. Rather than relying on simple, broad-based attacks, they are now tailoring their efforts to specific individuals in key positions, hoping to get valuable, sensitive information.
Star Blizzard’s focus on politics and international relations
Star Blizzard’s targets haven’t just been random individuals, as per the report by The Guardian. The hackers have been going after government ministers, officials, and even people involved in diplomacy and international relations, particularly those connected to the ongoing war in Ukraine. The group seems to be aiming for people whose work could provide valuable insights into political or defence matters.
This isn’t the first time Star Blizzard has attempted to interfere in political processes. In 2023, the NCSC linked the group to attacks on British MPs, universities, and journalists, all in an effort to influence UK politics. In response, the UK government imposed sanctions on two key members of the group. This ongoing activity shows just how persistent and strategic these cybercriminals can be in their attempts to infiltrate sensitive political and diplomatic circles.
The growing threat of ‘quishing’ and how to stay safe
This new attack also signals the rise of a cybercrime tactic known as “quishing,” a term used for phishing attacks involving QR codes. As QR codes become more popular for everything from payments to event check-ins, hackers are increasingly using them to trick people into giving up access to their accounts. For those targeted, this can be a tough risk to spot, especially when the emails appear legitimate.
To protect yourself, experts recommend being extra cautious with emails that include links or QR codes, particularly if they come from unknown sources. If you’re ever in doubt, reach out to the sender through a trusted communication method to verify the message. WhatsApp also advises users to only link their accounts to companion devices through official services and not third-party websites. By staying alert, you can help ensure that you don’t fall victim to these increasingly sophisticated scams.
