017. Star Blizzard and Stolen WhatsApp accounts
Hello everyone! Yesterday the Microsoft Threat Intelligence team shared some information on Star Blizzard's campaign targeting WhatsApp accounts.
So, the adversary sends a phishing email containing a quick response (QR) code purporting to direct users to join a WhatsApp group:
An example of the phishing email
But that QR code is not valid, so if the victim replies to the email, the threat actors send another message, this time with a link that leads to a phishing page with instructions on how to "join the group". The QR code on that page allows the adversary to connect the victim's account to a linked device and/or the WhatsApp Web portal, and exfiltrate messages.
Here are the indicators of compromise presented by Microsoft:
civilstructgeo[.]org
aerofluidthermo[.]org
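To sweep DNS, proxy or mail-gateway logs for these two domains, the following Python sketch refangs each line and matches on the exact domain or any subdomain of it. It is an added example, not code from Microsoft or from the original post; the log format, timestamps, the `www` subdomain and the `/join` path in the sample lines are constructed for illustration.

```python
import re

# Indicators from the post, kept defanged in source and refanged at run time.
IOCS_DEFANGED = ["civilstructgeo[.]org", "aerofluidthermo[.]org"]

def refang(text):
    """Undo common defanging: [.] or (.) becomes '.', hxxp becomes http."""
    text = re.sub(r"[\[(]\.[\])]", ".", text)
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)

IOCS = {refang(d).lower() for d in IOCS_DEFANGED}

# Hostname-like tokens: dot-separated labels ending in an alphabetic TLD.
HOST_RE = re.compile(
    r"(?<![\w-])(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?![\w-])", re.I)

def matched_ioc(host):
    """Return the indicator that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for ioc in IOCS:
        # Label-boundary check: 'notcivilstructgeo.org' must not match.
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def hunt(lines):
    """Yield (line_number, host, indicator) for every hit in the given lines."""
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(refang(line)):
            ioc = matched_ioc(host)
            if ioc:
                yield n, host.lower(), ioc

# Constructed sample log lines (not real telemetry), written defanged.
SAMPLE = [
    "2000-01-01T09:12:03Z dns query=www.civilstructgeo[.]org client=10.0.0.12",
    "2000-01-01T09:12:09Z proxy GET hxxps://aerofluidthermo[.]org/join client=10.0.0.12",
    "2000-01-01T09:13:40Z dns query=notcivilstructgeo[.]org client=10.0.0.7",
    "2000-01-01T09:14:02Z dns query=civilstructgeo[.]org.example[.]net client=10.0.0.7",
    "2000-01-01T09:15:11Z proxy GET https://web.whatsapp.com/ client=10.0.0.12",
]

if __name__ == "__main__":
    for n, host, ioc in hunt(SAMPLE):
        print(f"line {n}: {host} matches indicator {ioc}")
```

Lines 3 and 4 of the sample are look-alikes that a plain substring search would flag; the label-boundary comparison leaves them out.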
See you tomorrow!