LATEST NEWS:

Russian hackers target WhatsApp accounts of ministers around the world

Russian hackers target WhatsApp accounts of ministers around the world

Hackers linked to the Russian state have targeted the WhatsApp accounts of government ministers and officials around the world with emails inviting them to join user groups on the messaging app.

It is learned that the tactic used marks a new approach by a hacking unit called Star Blizzard.

Britain's National Cyber ​​Security Centre (NCSC) has linked Star Blizzard to Russia's domestic spy agency, the FSB, and accused it of seeking to "undermine trust in politics in the UK and like-minded states."


According to a blog post from Microsoft, "victims" receive an email from an attacker impersonating a US government official, enticing the recipient to click on a QR code that gives the attacker access to their WhatsApp account.

The code, instead of granting access to a WhatsApp group, links an account to a connected device or to the WhatsApp web portal, it writes. the Guardian, the Telegraph reports.

"The threat actor could gain access to messages in their WhatsApp account and have the ability to exploit this data," Microsoft said.

But, Microsoft did not state whether data was successfully stolen from the targeted WhatsApp accounts.

The company said the fake email was an invitation to join a WhatsApp group on "the latest non-governmental initiatives aimed at supporting Ukraine."

In addition to targeting ministers and officials in unidentified countries, the campaign has attempted to ensnare people involved in diplomacy, defense policy, and international relations.

In 2023, the NCSC said that Star Blizzard had targeted British MPs, universities and journalists, among others, in an attempt to "interfere with UK politics and democracy."

As part of the 2023 announcement, the United Kingdom imposed sanctions on two members of Star Blizzard including an officer in the FSB.

Microsoft said the WhatsApp campaign appeared to have been discontinued in November, but Star Blizzard's change of tactics underscored the entity's persistence in using spear phishing - the term for targeting specific individuals or groups with malicious emails - to obtain sensitive information.

It is reported that the increasingly popular practice of using QR codes by cybercriminals is called "quishing" in the cybersecurity community.

Microsoft recommended that email users belonging to sectors targeted by Star Blizzard should "always remain vigilant" when dealing with emails, especially messages containing external links.

"When in doubt, contact the person you think is sending the email using a known, previously used email address to verify that the email was indeed sent by them," Microsoft explained.

WhatsApp, which is owned by Facebook's parent company Meta, is an end-to-end encrypted app, meaning that only the sender and recipient of a message can see it, unless the user is tricked into giving it access to their account. /Telegraph/