Microsoft reports that Russian hackers have targeted politicians and officials supporting Ukraine through WhatsApp across the globe.

Russian hackers attempted to gain access to the accounts of government ministers and officials worldwide, as well as employees of analytical centers and organizations supporting Ukraine, on the messaging platform WhatsApp.

Source. This was reported by Microsoft on their blog.

The hackers from the group Star Blizzard, which is linked to the FSB in the West, employed a new phishing method, according to the company's announcement.

In November 2024, the company's cybersecurity division began noticing attacks specifically targeting WhatsApp accounts. Users received emails supposedly from a U.S. government representative inviting them to join a group in the messenger dedicated to recent non-governmental initiatives aimed at supporting Ukrainian civil organizations.

The recipient was prompted to scan a QR code that granted the attacker access to their WhatsApp account.

In addition to ministers and officials from several countries (which Microsoft did not disclose), Star Blizzard attempted to deceive individuals involved in diplomacy, defense policy, and research on international relations related to Russia, as well as those assisting Ukraine in countering Russian aggression.

Microsoft did not disclose whether the linked hackers succeeded in stealing WhatsApp data from the accounts they attempted to breach.

"The attacker can access messages in the WhatsApp account and may be able to extract that data," the company warned.

Cybercriminals are increasingly utilizing QR codes, leading to this phishing practice being specifically referred to as "quishing."

In 2023, the UK’s National Cyber Security Centre (NCSC) accused Star Blizzard of attacking members of parliament, university staff, and journalists to "undermine trust in politics and democracy in the UK," as reported by The Guardian.