Hackers linked to the Russian state have attacked the WhatsApp accounts of ministers and government officials around the world with emails inviting them to join user groups on the messaging app.
The WhatsApp tactic marks a new approach by a hacking unit called Star Blizzard. Britain’s National Cyber Security Centre (NCSC) has linked Star Blizzard to Russia’s domestic spy agency, the FSB, and accused it of trying to “undermine confidence in politics in the UK and states with related ideas”.
According to a Microsoft blog post, victims receive an email from an attacker posing as a US government official, prompting the recipient to click on a QR code that gives the attacker access to their WhatsApp account. The code, instead of giving access to a WhatsApp group, connects an account to a linked device or the WhatsApp web portal.
“The threat actor may gain access to messages in your WhatsApp account and have the ability to extract this data,” Microsoft said.
Microsoft did not indicate whether data had been successfully stolen from specific WhatsApp accounts.
Microsoft said the fake email was an invitation to join a WhatsApp group about “the latest non-governmental initiatives aimed at supporting Ukrainian NGOs.” In addition to targeting ministers and officials from unnamed countries, the campaign has attempted to ensnare people involved in diplomacy, defense policy and international relations research related to Russia, as well as work related to aid to Ukraine in its war with Russia.
In 2023, the NCSC said Star Blizzard had targeted British parliamentarians, universities and journalists, among others, in an effort to “interfere with UK politics and democracy.” It described Star Blizzard as “almost certainly subordinate” to the FSB’s Centre 18 unit. As part of the 2023 announcement, the United Kingdom imposed sanctions on two members of Star Blizzard, including an FSB officer.
Microsoft said the WhatsApp campaign appeared to have ended in November, but the change in tactics by Star Blizzard underscored the unit’s tenacity in using phishing (the term for targeting specific individuals or groups with malicious emails) to try to access confidential information. The increasingly popular use of QR codes by cybercriminals is known as “quishing” in the cybersecurity community.
Microsoft recommended that email users in sectors targeted by Star Blizzard “always remain vigilant” when dealing with emails, particularly messages containing external links.
“If in doubt, contact the person you believe is sending the email using a known and previously used email address to verify that the email was actually sent by them,” it said.
WhatsApp, owned by Facebook’s parent company Meta, is an end-to-end encrypted app, meaning only the sender and recipient of a message can see it, unless the user is tricked into giving up access to their account.
A WhatsApp spokesperson said: “If you want to link your WhatsApp account to a companion device, you should only do so by accessing officially supported WhatsApp services, and not through third-party websites. And no matter what service you are on, you should only click on links from people you know and trust.”