Microsoft’s Threat Intelligence teams have uncovered a spear phishing campaign targeting WhatsApp accounts, attributed to the Russia-linked hacker group Star Blizzard. The campaign began in October 2023 and continued through August 2024.

Following extensive analysis, Microsoft’s experts revealed that the campaign primarily targeted journalists, politicians, think tanks, and NGO leaders. These individuals’ data was collected and transmitted to remote servers, according to the company’s findings.

Star Blizzard’s method was straightforward: the group first sent WhatsApp users a link that appeared to come from a well-known U.S.-based organization, such as a government agency, NGO, or public utility. Once a user engaged with the link, they were then sent an email containing a malicious web link. This was the beginning of a covert operation to gather sensitive information from victims without their awareness.

The U.S. Department of Justice, in collaboration with the FBI, has identified and taken action against those responsible for the campaign. They seized the perpetrators’ IT infrastructure and gathered substantial evidence. However, the threat remains persistent as the attackers continue to find new ways to carry on their cybercriminal activities.

It’s worth noting that this tactic mirrors previous incidents, such as the spread of Pegasus spyware by the NSO Group. Originally developed for government use to monitor terrorists and criminals, Pegasus made its way to the dark web and was eventually used to infiltrate the device of Amazon founder Jeff Bezos via WhatsApp, leading to a high-profile personal scandal.

Similarly, Star Blizzard appears to be carrying out surveillance on behalf of the Kremlin, conducting spear phishing campaigns to gather intelligence for political or strategic purposes.

The post Microsoft exposes WhatsApp Spear Phishing Campaign of Star Blizzard appeared first on Cybersecurity Insiders.

In a historic move that underscores the escalating battle against cybercrime, Microsoft has publicly acknowledged its role in launching a cyber offensive against a Russian-funded threat actor known as Star Blizzard. This action, the first of its kind from a major technology firm, aims to disrupt Star Blizzard’s operations permanently, following a civil action order issued by the United States District Court for the District of Columbia.

The Catalyst for Action

Star Blizzard has been implicated in a series of cyberattacks targeting American organizations, journalists, think tanks, and NGOs, primarily through phishing campaigns. These attacks are designed to siphon sensitive data and disrupt operations across networks. According to Microsoft’s Digital Crimes Unit (DCU), Star Blizzard has specifically targeted 30 civil society organizations, predominantly those operating within Microsoft Windows environments.

The decision to retaliate comes amid growing frustration over the increasing sophistication of such cyber threats, which have become a persistent headache for entities across various sectors. Microsoft’s intervention reflects not only a commitment to safeguarding its users but also an acknowledgment of the need for proactive measures in the face of mounting cyber risks.

The Nature of the Threat

One of the most troubling aspects of Star Blizzard’s operations is its modus operandi. The group often masquerades as legitimate employees, using social engineering tactics to deceive their targets into divulging sensitive credentials. This infiltration allows them to harvest information, which they can either analyze for malicious purposes or sell on the dark web. Such tactics highlight the challenges organizations face in maintaining cybersecurity, particularly when human factors are involved.

Despite Microsoft’s aggressive action, experts caution that this may not significantly deter the group. State-backed and criminal actors alike often possess deep financial resources and are distributed across the globe, enabling them to quickly regroup and continue their operations. This reality raises questions about the effectiveness of individual corporate actions against well-funded, sophisticated adversaries.

Microsoft’s New Offerings

In a surprising twist, while Microsoft has launched its offensive, it has also announced a new offering for its users: a free version of the Office 2024 suite. This new software allows users to access essential productivity tools without the burden of an annual subscription. However, potential users should be aware of some limitations. The Office 2024 suite is designed for use on a single laptop or Mac and will not receive major security updates or access to advanced features like Copilot AI, both of which are reserved for Microsoft 365 subscribers.

The Microsoft Office 2024 suite is compatible with Windows 10 and Windows 11 PCs, as well as Macs operating on macOS Ventura, Sonoma, or Sequoia. This initiative reflects Microsoft’s efforts to expand its user base and provide alternatives to those who may be hesitant to commit to a subscription model.

Conclusion

Microsoft’s bold move against Star Blizzard represents a significant moment in the ongoing fight against cybercrime. As the landscape of digital threats continues to evolve, the actions taken by major technology firms like Microsoft will play a crucial role in shaping the future of cybersecurity. While the immediate impacts of this offensive remain to be seen, the acknowledgment of such a high-profile cyber confrontation marks a turning point in how corporations engage with the complex world of cyber threats. As users navigate these developments, the launch of free software options offers a silver lining, catering to a broader audience in an increasingly interconnected digital landscape.

The post Microsoft Takes Unprecedented Action Against Cyber Threat Actor Star Blizzard appeared first on Cybersecurity Insiders.

Star Blizzard, a hacking group allegedly sponsored by Russia’s intelligence agency Centre 18, has recently made headlines for engaging in long-term espionage on prominent figures in the United Kingdom, including top politicians, journalists, and bureaucrats. The discovery of this covert activity is recent, and the extent of the damage is yet to be fully assessed.

Over the years, various nations, such as China, Russia, North Korea, and more recently, Iran, have been involved in spying on Western populations and governments. However, the current situation takes a more serious turn as the Kremlin is directly accused of orchestrating digital attacks on the critical infrastructure of the United Kingdom.

The government led by Rishi Sunak has not only pointed fingers at Star Blizzard but has also leveled allegations against Moscow’s Federal Security Service (FSB), the official spy agency, naming its officers Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets.

American cybersecurity company Secureworks has investigated these claims and, after a comprehensive analysis, concluded that Centre 18 has been responsible for a significant portion of destructive cyber activity in the West since 2017. Notably, this intelligence agency was previously linked to an attack on Yahoo, resulting in the theft of over 50 million email addresses and associated user information between 2016 and 2017.

The FSB reportedly directed Centre 18 to shift its focus primarily to Ukraine from May 2022, shortly after the conclusion of Russia’s conflict with the Zelenskyy-led nation. Subsequently, the agency’s mandate expanded to include spying and intelligence gathering from all developed nations, collaborating with other hacking groups such as Sandworm, Fancy Bear, and Cozy Bear.

Star Blizzard, identified as one of Centre 18’s espionage teams, had been actively infiltrating UK government networks for an extended period. However, a joint effort by MI6 and the National Cyber Security Centre (NCSC), GCHQ’s cyber arm, detected and neutralized the group in September 2023, ending years of intrusion into the privacy of high-profile individuals.

The post Star Blizzard launched Cyber Attacks on UK since years appeared first on Cybersecurity Insiders.