Russian hackers target global officials with WhatsApp phishing campaign

In a phishing campaign that targets diplomats and officials.

An Indian tribunal has paused the WhatsApp data-sharing ban during an ongoing review of the case.

Russian state-linked hackers, operating under the unit Star Blizzard, have launched a new phishing campaign targeting the WhatsApp accounts of government ministers and officials worldwide. According to Britain’s National Cyber Security Centre (NCSC), Star Blizzard, linked to Russia’s FSB spy agency, aims to undermine political trust in the UK and other similar nations.

Victims receive an email impersonating a US government official, inviting them to join a WhatsApp group. The email contains a QR code that, when scanned, links the victim’s WhatsApp account to an attacker-controlled device or WhatsApp Web, granting the hacker access to sensitive messages. Microsoft confirmed that this tactic allows hackers to exfiltrate data but did not specify whether data was successfully stolen.

The campaign has targeted individuals involved in diplomacy, defence, and Ukraine-related initiatives. This marks the latest attempt by Star Blizzard, which had previously targeted British MPs, universities, and journalists. Microsoft noted that while the campaign seemed to have wound down by November, the use of QR codes in phishing attacks, or ‘quishing,’ shows the hackers’ continued efforts to gain access to sensitive information.

WhatsApp, owned by Meta, emphasised that users should avoid scanning suspicious QR codes and should only link their accounts through official services. Experts also recommend verifying suspicious emails by contacting the sender directly through a known, trusted email address.