Russian Threat Actor "Star Blizzard" Exploit WhatsApp Accounts Using QR Codes

Microsoft Threat Intelligence has identified a concerning strategic shift by the notorious Russian threat actor group “Star Blizzard.” Known for its spear-phishing campaigns targeting government, diplomatic, and civil society sectors, the group has now expanded its tactics to compromise WhatsApp accounts.

In mid-November 2024, Microsoft observed Star Blizzard employing a novel method in their phishing campaigns.

The group, which historically targeted email communications, began leveraging WhatsApp as an attack vector.

Using spear-phishing emails, they lured victims by falsely offering access to a WhatsApp group claiming to share updates on “non-governmental initiatives supporting Ukraine NGOs.”

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Exploiting Familiar Tactics to Target WhatsApp

The phishing campaign involved a two-step email scheme. The first email, which purported to be from a U.S. government official, contained a quick response (QR) code that claimed to direct recipients to a WhatsApp group ...