Russian hackers target global officials with WhatsApp phishing campaign

Russian state-linked hackers, operating under the unit Star Blizzard, have launched a new phishing campaign targeting the WhatsApp accounts of government ministers and officials worldwide. According to Britain’s National Cyber Security Centre (NCSC), Star Blizzard, linked to Russia’s FSB spy agency, aims to undermine political trust in the UK and other similar nations.

Victims receive an email impersonating a US government official, inviting them to join a WhatsApp group. The email contains a QR code that, when scanned, links the victim’s WhatsApp account to an attacker-controlled device or WhatsApp Web, granting the hacker access to sensitive messages. Microsoft confirmed that this tactic allows hackers to exfiltrate data but did not specify whether data was successfully stolen.

The campaign has targeted individuals involved in diplomacy, defence, and Ukraine-related initiatives. This marks the latest attempt by Star Blizzard, which had previously targeted British MPs, universities, and journalists. Microsoft noted that while the campaign seemed to have wound down by November, the use of QR codes in phishing attacks, or ‘quishing,’ shows the hackers’ continued efforts to gain access to sensitive information.

WhatsApp, owned by Meta, emphasised that users should avoid scanning suspicious QR codes and should only link their accounts through official services. Experts also recommend verifying suspicious emails by contacting the sender directly through a known, trusted email address.

Telegram scammers exploit new malware tactics

Crypto scammers have increasingly turned to Telegram malware scams, with reports revealing a staggering 2,000% rise in such incidents since November. Unlike traditional phishing scams, these schemes involve fake verification bots within bogus trading, airdrop, and alpha groups, tricking users into downloading malware. Once installed, the malware allows attackers to steal passwords, crypto wallet keys, and browser data.

Security experts have noted this shift as scammers adapt to user awareness of phishing links. Malware tactics, such as fake Cloudflare verification pages and copied text injection, now dominate the landscape. Security firm Scam Sniffer highlighted that these scams target legitimate communities and rely on sophisticated social engineering to lure victims.

The consequences are severe yet difficult to measure, with $2.3 billion stolen in 2024 across 165 incidents, according to Cyvers. Whilst losses in December were lower than usual, scammers continue to evolve their methods, making these attacks increasingly challenging to counter.

Polymarket clashes with Singapore’s gambling crackdown

Polymarket, a cryptocurrency-based prediction market, has come under fire for alleged violations of Singapore’s strict gambling laws. Authorities blocked access to the platform, deeming it an unlicensed gambling site. Those who attempt to bypass restrictions risk hefty fines and jail time under the Gambling Control Act 2022.

Further criticism erupted as Polymarket allowed users to bet on tragic events like the devastating Palisades wildfire in Los Angeles. The platform’s wildfire-related betting markets have been widely condemned as unethical, with accusations of profiting from human suffering. Polymarket’s attempts to defend its actions have done little to appease public outrage.

Meanwhile, Polymarket faces intense scrutiny in the US. The FBI recently raided CEO Shayne Coplan’s residence, seizing electronic devices, while the CFTC subpoenaed Coinbase for information on the platform’s activities. Despite its rapid growth during the US elections, with record-breaking trading volumes, Polymarket now grapples with plummeting activity and mounting regulatory challenges.

French woman scammed out of €830,000 by AI-generated Brad Pitt impostor

A French interior designer, identified as Anne, has fallen victim to a sophisticated scam in which she was tricked into believing she was in a relationship with actor Brad Pitt. Over the course of a year, the scammer, using AI-generated images and fake social media profiles, manipulated Anne into sending €830,000 for purported cancer treatment after a fabricated story involving the actor’s frozen bank accounts.

The scam began when Anne received messages from a fake ‘Jane Etta Pitt,’ claiming the Hollywood star needed someone like her. As Anne was going through a divorce, the AI-generated Brad Pitt sent declarations of love, eventually asking for money under the guise of urgent medical needs. Despite doubts raised by her daughter, Anne transferred large sums, believing she was saving a life.

The truth came to light when Anne saw Brad Pitt in the media with his current partner, and it became clear she had been scammed. However, instead of support, her story has been met with cyberbullying, including mocking social media posts from groups like Toulouse FC and Netflix France. The harassment has taken a toll on Anne’s mental health, and police are now investigating the scam.

The case highlights the dangers of AI scams, the vulnerabilities of individuals, and the lack of empathy in some online responses.

Hackers breach US location data broker

A massive data breach has hit Gravy Analytics, a major US location data broker, compromising precise smartphone location data and internal company information. Hackers claim to have gained access to the company’s systems since 2018, exposing sensitive coordinates that track individuals’ movements. The stolen data includes customer details from prominent firms like Uber, Apple, and government contractors.

Gravy Analytics, through its subsidiary Venntel, has previously sold large amounts of location data to US government agencies. The breach highlights significant security lapses, with the stolen data now at risk of being sold on the dark web. The precise latitude and longitude records could put individuals, especially those in vulnerable positions, in danger.

The incident has sparked fresh scrutiny over data brokers, who often collect and sell sensitive information with little transparency. In December, the FTC moved to restrict Gravy Analytics from selling location data except in cases of national security or law enforcement. Critics argue that these companies prioritise profits over privacy and have called for stricter regulations to hold them accountable.

Drones threaten safety in high-security UK jails

The UK’s prisons watchdog has warned that drones are becoming a serious national security threat due to a surge in the smuggling of weapons, drugs, and other contraband into high-security jails. Charlie Taylor, the chief inspector of prisons, called for immediate action from the police and government following investigations into two of England and Wales’ most dangerous prisons, HMP Manchester and HMP Long Lartin. Both facilities, holding notorious criminals and terrorism suspects, have seen an increase in illicit deliveries by drones, putting staff, inmates, and public safety at risk.

Taylor’s report highlights how gangs have exploited weaknesses in security, including the deterioration of basic anti-drone measures like protective netting and CCTV. At Long Lartin, inspectors found that large quantities of illicit items were being delivered, fueling violence and unrest among prisoners. At HMP Manchester, inmates were burning holes in windows to facilitate drone deliveries, raising concerns about potential escapes and further disruptions.

The growing use of sophisticated drones, capable of carrying large payloads and flying under the radar, has made it increasingly difficult for prison authorities to control the flow of contraband. While some prisons have deployed counter-drone technology, most do not block drones from approaching, leaving many vulnerable to this growing threat.

Prison officials are now under mounting pressure to confront this new challenge, with experts warning that the situation is a matter of national security. Taylor also highlighted the need for a more robust approach to tackling gang activity and reducing the supply of illegal items that undermine prison safety.

Norwegian data authority notified after Unacast hack

Unacast has informed Norwegian authorities of a data breach involving its subsidiary Gravy Analytics. The notification came to light through a notice reported by Norwegian broadcaster NRK.

The breach involved a web server that was compromised using a misappropriated key, with some of the stolen files potentially containing personal data. Unacast’s legal representatives, BakerHostetler, confirmed the breach was discovered on 4 January, though the exact timing of the intrusion remains under investigation.

Repeated attempts to reach Unacast and its legal team for comment have gone unanswered. Norway’s data protection authority also could not be reached for further statements after business hours on Friday.

Gravy Analytics had been at the centre of online speculation last week, with experts confirming the authenticity of leaked data. Investigations into the full extent of the breach are ongoing.

Chinese hackers infiltrate major US telecom companies, Sullivan confirmed

Chinese state-sponsored hackers, identified as the Salt Typhoon group, have breached multiple US telecommunications companies, including AT&T, Verizon, Charter Communications, and T-Mobile. These cyber-espionage operations exploited vulnerabilities in network devices from vendors such as Fortinet and Cisco Systems.

US National Security Adviser Jake Sullivan has stated that the United States has taken steps in response to these intrusions, sending clear messages to China about the consequences of disrupting American critical infrastructure.

The breaches have raised significant concerns about national security and the resilience of US critical infrastructure against sophisticated cyber threats. While companies like AT&T and Verizon have reported that their networks are now secure and are collaborating with law enforcement, the extent and impact of these breaches continue to be scrutinised.

China has denied involvement in these cyber activities, accusing the United States of disseminating disinformation. Nonetheless, the revelations have intensified discussions about the need for enhanced cybersecurity measures to protect sensitive communications and infrastructure from state-sponsored cyber espionage.

OpenSea users at risk after massive email leak

OpenSea users are facing increased risks after over 7 million email addresses were exposed in a data breach dating back to 2022. The breach occurred when an employee of Customer.io, OpenSea’s email delivery partner, mishandled user data, sharing email addresses with an unauthorised third party. This data includes the emails of major figures in the crypto world, raising concerns about potential phishing attacks and scams.

Blockchain security expert 23pds highlighted the growing threat, warning that the leaked information had been circulated multiple times before becoming public. OpenSea had previously alerted users about phishing risks following the breach, advising them to be cautious with email links and attachments.

Phishing scams targeting OpenSea users have been a persistent issue, with attackers using fake websites and fraudulent email campaigns to exploit vulnerabilities. One such scam in January 2024 promised exclusive access to an NFT event, only to direct victims to a malicious site designed to steal funds and wallet information.

Experts continue to advise users to stay vigilant, verify email sources, enable two-factor authentication, and never share sensitive wallet details to protect themselves from ongoing phishing threats.