The sources provided do not mention "Star Blizzard" at all, so the question about its WhatsApp phishing tactics cannot be answered from them. They do cover related activity: phishing, credential harvesting, and spear-phishing campaigns attributed to Russian and Chinese threat actors, summarized below.

Phishing and Credential Harvesting Using WhatsApp and QR Codes

  • Mandiant has described a technique in which a command-and-control (C2) server delivers commands to an infected endpoint as QR codes rendered in the isolated browser session; the malware on the endpoint decodes the displayed codes, bypassing browser isolation. The technique is not tied to WhatsApp, but it shows how threat actors adapt everyday formats such as QR codes to evade security controls [1].

Spear-Phishing Campaigns by Russian Threat Actors

  • Microsoft has warned of a large-scale spear-phishing campaign by the Russia-linked APT group Midnight Blizzard. The campaign targets hundreds of organizations, indicating a significant and ongoing threat from Russian cyber actors [1].

  • Russia-linked threat actors such as TAG-110 have deployed custom malware, including HATVIBE and CHERRYSPY, against organizations in Asia and Europe. These campaigns typically rely on spear-phishing and other social-engineering tactics for initial access [1][3].

Chinese Threat Actors and Phishing Campaigns

  • The Chinese state-sponsored group RedDelta has targeted governments, diplomatic entities, and organizations tied to Chinese strategic interests. Its spear-phishing lures include Windows Shortcut (LNK) files, Microsoft Management Console Snap-In Control (MSC) files, and HTML files hosted on Microsoft Azure, and it routes command-and-control traffic through Cloudflare's content distribution network (CDN) to obscure it [2].

  • Another Chinese-linked APT group, Mustang Panda, distributes PlugX malware through spear-phishing campaigns, exploitation of vulnerabilities, and malicious attachments. The group has received funding from the PRC government and has targeted entities in the United States, Europe, and Asia [5].

General Recommendations and Mitigations

  • To counter these threats, deploy detection tooling, keep software patched, filter inbound email for the attachment types abused in these campaigns (LNK, MSC, and HTML lures in particular), and maintain layered network defenses. Users should treat unexpected links and attachments with suspicion, since spear-phishing remains the common initial-access vector across the campaigns above [2].
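The following Python script is an added example, not code from the page or from any of the cited reports. It shows one concrete form the "filter email for malicious attachments" recommendation can take, using the attachment types named in the RedDelta description: it parses a raw RFC 822 message, flags risky extensions, double extensions, and attachments whose content begins with the Windows shell-link (LNK) header regardless of what they are called. The extension list is illustrative, the sample message is constructed inline for the demonstration, and the hostnames in it are placeholders.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative list for this example: shortcut, MMC snap-in and HTML lures
# from the campaigns described above, plus a few other common droppers.
RISKY_EXTENSIONS = {".lnk", ".msc", ".html", ".htm", ".hta", ".js", ".vbs", ".iso", ".img"}

# Every Windows shell link starts with HeaderSize 0x4C followed by the
# first bytes of the ShellLink CLSID {00021401-0000-0000-C000-000000000046}.
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00"


def attachment_findings(raw_message: bytes) -> list[dict]:
    """Return a list of {filename, reasons} for each suspicious attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []

        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        ext = suffixes[-1] if suffixes else ""
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"risky extension {ext}")
        if len(suffixes) > 1:
            # e.g. invoice.pdf.lnk: Explorer hides the real .lnk extension
            reasons.append("double extension")

        # Content check: catches LNK files renamed to look like documents.
        if payload.startswith(LNK_MAGIC):
            reasons.append("LNK header in content")
            if ext != ".lnk":
                reasons.append("extension does not match LNK content")

        if reasons:
            findings.append({"filename": name, "reasons": reasons})
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: one benign PDF and three lure-style attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # placeholder addresses
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "Agenda for next week"
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(b"%PDF-1.4 constructed benign content",
                       maintype="application", subtype="pdf", filename="report.pdf")
    # Fake shortcut payload: valid LNK header followed by padding bytes.
    fake_lnk = LNK_MAGIC + b"\x00" * 24
    msg.add_attachment(fake_lnk, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.lnk")
    msg.add_attachment(fake_lnk, maintype="application", subtype="octet-stream",
                       filename="brief.pdf")   # LNK content, document name
    msg.add_attachment("<html><body>Sign in to view the document.</body></html>",
                       subtype="html", filename="portal.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in attachment_findings(build_sample_message()):
        print(f"{finding['filename']}: {', '.join(finding['reasons'])}")
```

Run it and only the three lure-style attachments are reported; `brief.pdf` is caught purely by its content, which is the check a name-based filter alone would miss. A production filter would also open archives and disk images (ISO/IMG) and apply the same checks to their contents, since those containers are a common way to smuggle LNK files past extension filtering.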

In summary, the provided sources contain no information on "Star Blizzard" or its WhatsApp phishing tactics. The activity they do describe, from Russian and Chinese actors alike, shows spear-phishing and credential harvesting remaining the dominant initial-access techniques, with lure formats and C2 channels changing steadily, which is why defenses need to be reviewed against current tradecraft rather than last year's.