Russian state-linked hackers targeted the WhatsApp accounts of ministers and officials worldwide, carrying out attacks using emails that invited them to join user groups on the platform.
This tactic represents a new approach by the hacker group named Star Blizzard. The United Kingdom’s (UK) National Cyber Security Centre (NCSC) has linked it to Russia’s Federal Security Service (FSB), accusing it of seeking to “undermine trust in politics in the UK and like-minded states.”
According to experts, the attacks occur when victims receive an email from an attacker posing as a United States (U.S.)government official, urging the recipient to click on a QR code that enables access to their WhatsApp account. Instead of granting access to a WhatsApp group, the code links the account to an associated device or WhatsApp Web portal.
Hackers can then access the victim’s WhatsApp messages and potentially extract that data. It has not been disclosed whether any data was successfully stolen from the targeted WhatsApp accounts.
In addition to ministers and officials in unnamed countries, the campaign also attempted to target individuals involved in diplomacy, defense policy, and international relations research related to Russia, as well as those connected to aiding Ukraine in the war against Russia.
In 2023, Star Blizzard also targeted UK politicians, universities, and journalists, among others, aiming to “influence UK politics and democracy.”
As a result, email users in sectors targeted by Star Blizzard are advised to always exercise caution when handling emails, especially those containing external links.
“If you want to link your WhatsApp account to an associated device, you should do so only through officially supported WhatsApp services and not via third-party websites. Regardless of the service you use, you should only click on links from people you know and trust,” WhatsApp representatives stated.
