Star Blizzard Shifts Tactics to Spear-Phishing on Whatsapp

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard. 

Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions. 

In this episode you’ll learn:     

• Why threat actors like Star Blizzard are highly resilient and quickly adapting
• What steps users take to avoid falling victim to mobile malware
• Challenges of monitoring WhatsApp activity and why this platform has become a target

Some questions we ask:    

• What role do QR codes play in Star Blizzard’s phishing campaigns?
• Why do you think phishing continues to be the number one access vector?
• How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions?

Resources: 

View Sarah Pfabe on LinkedIn 

View Anna Seitz on LinkedIn 

View Sherrod DeGrippo on LinkedIn 

Related Microsoft Podcasts:                  

• Afternoon Cyber Tea with Ann Johnson
• The BlueHat Podcast
• Uncovering Hidden Risks    

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.