A Russian hacking group tied to the Kremlin has unleashed a global attack. They are using what appear to be links to innocent websites to steal information.
These hackers from Star Blizzard, which formerly operated as SEABORGIUM, are also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie.
The dangerous group is targeting anyone who might have information they can use. They’re even going after the U.S. government.
So far, Star Blizzard has attacked people tied to academia, defense, government organizations and more in both the U.S. and the U.K. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the group is also targeting NATO members and countries near China.
Spear-phishing is an attack where hackers target specific groups or individuals. They think their victims either have the information they want or have direct access to it. In this case, we don’t know what information Star Blizzard wants. However, we do know how their operation works.
According to CISA, Star Blizzard hackers will use social media and networking platforms to stalk their victims. They’ll take their time to really get to know their target.
They’ll then create fake email accounts on services such as Outlook, Gmail, and others, plus social media profiles, to impersonate your close contacts or experts. Hackers will even go so far as to create malicious websites that appear to be legitimate to fool you. And CISA says there have been cases where attackers have created fake event invitations to lure their victims.
From there, they’ll reach out to you and begin to draw you into their trap. Usually, they’ll look for common interests to help spark a conversation. Hackers will then send a malicious link, posing as a Google Drive or OneDrive link, or another link where you’d have to log on to a platform.
These URLs may look legitimate, but they are actually designed to trick you into entering your credentials or downloading malicious files. You should never click on any link that you receive from an unknown or suspicious source.
If you do, the hackers can steal your information as soon as you type it in, download a malicious file, or click a malicious link. Once you do this, they have full access to your account. From there, your information is theirs to have and use.