Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups

The Russian hacker group Star Blizzard launched a spear-phishing campaign in November via the messaging platform WhatsApp, marking a change in longstanding tactics, Microsoft reported in a blog post on 16 January 2025.

Phishing messages use social engineering tactics to manipulate recipients. They exploit emotions to trick targets into revealing sensitive information or clicking malicious links.

According to Microsoft, Star Blizzard invited its targets to join a WhatsApp group. The targets were current and former officials in government and diplomacy, international relations and defense researchers, and people and organizations offering assistance to Ukraine amid Russia’s full-scale war.

This is the first time the hacker group has been observed using this tactic.

Microsoft said the shift to WhatsApp may be related to successful cybersecurity efforts exposing Star Blizzard’s techniques.

In the most recent campaign, Star Blizzard hackers impersonated U.S. government officials in emails directing recipients to join a WhatsApp group via QR code. The WhatsApp group claimed to focus on “the latest non-governmental initiatives aimed at supporting Ukraine NGOs.”

The campaign aimed to gain access to targets’ WhatsApp accounts and extract their data.

While the campaign seemed to subside in late November 2024, Microsoft warned that the shift in tactics signals Star Blizzard’s versatility and “tenacity in continuing spear-phishing campaigns to gain access to sensitive information.”

Russian hacker groups have engaged in various forms of cyber warfare throughout the full-scale war, including cyberattacks against Ukraine, hacks of civilian infrastructure in Europe, and interference in foreign elections.
