Russian hackers attack WhatsApp to obtain data on Ukraine
A group of hackers allegedly linked to Russia’s Federal Security Service (FSB) tried to steal WhatsApp data from employees of non-governmental organizations providing assistance to Ukraine, Microsoft reports.
Microsoft’s revelation of these attacks by the FSB-linked Star Blizzard group demonstrates how Russia is increasingly targeting the support infrastructure for Ukraine, attempting to disrupt international aid efforts through cyber espionage while simultaneously gathering intelligence on organizations and individuals involved in Ukraine’s defense and support network.
Microsoft Threat Intelligence has noted that the cyberattacks were organized by a group known as Star Blizzard, which is likely supported by the Russian state. The researchers found that the attackers sent phishing emails posing as representatives of the US government.
These messages invited recipients to join WhatsApp groups, allegedly to receive information about initiatives to support Ukraine. The emails contained QR codes that supposedly provided additional data, but were most likely used to steal confidential information.
Microsoft has not confirmed whether the hackers successfully broke into any systems. However, Microsoft noted that the US Department of Justice, working in cooperation with the company, has already removed or blocked 180 Star Blizzard-related websites since October 2024.
Star Blizzard has continuously improved its detection evasion capabilities while remaining focused on email credential theft against the same targets.
Microsoft Threat Intelligence reports that Star Blizzard, whose activities have historically supported both espionage and cyber influence objectives, continues to prolifically target individuals and organizations involved in international affairs, defense, and logistics support to Ukraine, as well as academia, information security companies, and other entities aligning with Russian state interests.
Microsoft has provided practical recommendations for users to harden networks against the Star Blizzard activity on its website.