The Russian hacker group known as Star Blizzard launched a new spear-phishing campaign in November 2024 that used the messaging platform WhatsApp, a departure from the group's usual methods, Microsoft revealed in a blog post on January 16.
The hackers sent invitations to join WhatsApp groups to individuals involved in government, diplomacy, defense research, and organizations supporting Ukraine.
The messages often impersonated U.S. government officials and included QR codes to join groups claiming to focus on "the latest non-governmental initiatives aimed at supporting Ukrainian NGOs."
The purpose of the campaign was to trick targets into giving the hackers access to their WhatsApp accounts and sensitive data.
Microsoft suggested that this shift to WhatsApp might be a response to stronger cybersecurity efforts that have made Star Blizzard’s older methods less effective.
While the campaign seemed to wind down by late November, Microsoft warned that the group’s use of WhatsApp shows their ability to adapt and continue phishing efforts.
Russian hackers, including Star Blizzard, have been heavily involved in cyberattacks during the conflict in Ukraine. Their activities have included targeting Ukrainian infrastructure, hacking civilian systems in Europe, and interfering in elections.