A hacking group with Russian ties is using targeted attacks to lure diplomats into joining a WhatsApp group, with the aim of taking over their entire account.
According to a Microsoft Threat Intelligence report, Star Blizzard, a group operating on behalf of Russia, is attempting to take over users’ accounts with a spear-phishing campaign. Spear phishing is a highly targeted form of phishing, often aimed at high-ranking people.
According to Microsoft, this method has been attempted since mid-November. The victim receives an email that purports to come from a US government employee and invites them to a WhatsApp group about non-government initiatives to support Ukraine.
Microsoft warns that the campaign explicitly targets government or diplomatic employees, including predecessors and successors to such positions. Those who research defence policy or international relations related to Russia are also at risk, as are those who support Ukraine in its defence against Russia.
Access to all chat conversations
If the QR code in the email doesn’t work, the victim might reply to say so. In that case, Star Blizzard sends a second email with a shortened URL. That URL leads to a web page showing a fake WhatsApp invitation with a new QR code.
The danger lies in that code: it does not add you to a group but is, in reality, a code that links your account to a PC controlled by the attacker. If you scan the code, you give the attacker full access to your WhatsApp messages. From then on, it is not difficult to download all data, including photos and videos, and to send messages on behalf of your account.
It is easy to check on your smartphone where your WhatsApp account is logged in. Under ‘connected devices’ in the app’s settings, you can see which devices WhatsApp Web is active on. You can also log those devices out there.
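A mail-triage check for the lure described above, as an added example that is not part of the original article: it takes the text already decoded from a QR code and separates a link in WhatsApp group-invitation format from everything else. It assumes that genuine group invitations encode an https://chat.whatsapp.com/ link; the function name, the shortener list and the sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a genuine WhatsApp group invitation encodes a link on this host.
INVITE_HOST = "chat.whatsapp.com"
# Illustrative shortener list (assumption); extend it for your environment.
SHORTENERS = {"bit.ly", "t.ly", "tinyurl.com"}


def classify_qr_payload(payload: str) -> str:
    """Classify text decoded from a QR code in a 'join our group' message."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. broken IPv6 brackets
        return "not-an-invite"
    if parts.scheme not in ("http", "https") or not host:
        # Not a web link, so it cannot be a group invitation. The account
        # linking code the article describes would land here.
        return "not-an-invite"
    if host in SHORTENERS:
        # Destination is hidden: resolve it in a sandbox, never on a phone.
        return "shortened-link"
    # Exact host comparison: 'chat.whatsapp.com.example.net' must not pass.
    if host == INVITE_HOST and parts.scheme == "https" and len(parts.path) > 1:
        # Right format only; this says nothing about who sent the invitation.
        return "group-invite-format"
    return "other-link"


# Constructed sample payloads, not taken from the campaign.
SAMPLES = [
    "https://chat.whatsapp.com/EXAMPLEinviteCODE123",
    "https://t.ly/EXAMPLE",
    "https://chat.whatsapp.com.example.net/EXAMPLEinviteCODE123",
    "EXAMPLE-OPAQUE-PAYLOAD,AAAA,BBBB,CCCC",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_qr_payload(sample):20} {sample}")
```

Any verdict other than `group-invite-format` on a message that claims to be a group invitation is a reason to escalate the email rather than scan the code.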