Hackers known as Star Blizzard, allegedly linked to the Russian FSB, attempted to steal data from WhatsApp. Their targets included employees of non-governmental organizations providing assistance to Ukraine, as well as current and former government officials, diplomats, and researchers in defense policy and international relations concerning Russia.
This was reported by Microsoft.
Star Blizzard altered its long-standing attack strategy to focus on WhatsApp accounts, shifting from their previous emphasis on email.
During a campaign observed in mid-November 2024, Star Blizzard's initial approach involved sending emails purportedly from a U.S. government official, which contained a QR code meant to direct recipients to information about initiatives supporting Ukraine.
The QR code was deliberately broken: it did not lead to any legitimate domain, which prompted recipients to reply and ask for an alternative link. The follow-up message contained a malicious shortened link designed to make targets believe they were joining a WhatsApp group. In reality, the link led to a phishing website that abused WhatsApp's QR-code device-linking feature. This tactic lets the attacker gain unauthorized access to the victim's WhatsApp messages through WhatsApp Web, potentially compromising the privacy and confidentiality of sensitive communications.
Microsoft has not disclosed whether the hackers succeeded in breaching any accounts. The company noted that, in collaboration with Microsoft, the U.S. Department of Justice has seized or blocked 180 websites associated with Star Blizzard since October.
Background. Earlier, Mind reported that Chinese hackers targeted the Office of Foreign Assets Control (OFAC) within the U.S. Treasury Department.