Russian Hackers Employ QR Code Phishing Campaign



Star Blizzard, a notorious Russian hacker group, has recently escalated its cyber tactics by leveraging QR codes in a phishing campaign that targets Western officials via WhatsApp. This new method marks a significant evolution in the group’s approach to cyberattacks, introducing a more direct and sophisticated strategy.

According to Cybernews, the attack begins innocuously enough, with a public official receiving an email containing a QR code. The message, supposedly from “American government officials,” claims to support Ukrainian NGOs. However, the QR code itself does not lead to a valid website. The goal is to provoke the recipient into engaging with the hacker group by responding to the email.

Once the victim engages, Star Blizzard sends another email with a link leading them to a WhatsApp group. Inside this group, the victim is presented with a new QR code. If scanned, this second QR code provides the hackers with access to the target’s WhatsApp messages, enabling them to steal sensitive information directly from the account.

Star Blizzard has been active since 2017 and is known for targeting high-profile individuals. The group has consistently refined its methods to enhance the success of its operations. Previously, Star Blizzard relied on email exchanges to build trust, ultimately leading victims to malicious links that harvested sensitive credentials. Now, with the use of QR codes and WhatsApp, the group has shifted to a more streamlined, real-time attack model.

The group’s ability to adapt to open-source platforms and social media highlights its versatility and persistence. Attacks initiated through these channels have predominantly affected targets in the UK and the US, with its scams often appearing credible due to the careful impersonation of trusted figures.

While these phishing efforts represent a new phase in Star Blizzard’s operations, they are part of a broader wave of cyber warfare tactics that have been heavily employed since the Russian invasion of Ukraine. As these attacks continue to evolve, it’s clear that the threat from groups like Star Blizzard is only growing more sophisticated.