Star Blizzard may not bother stealing passwords next—just let users paste PowerShell or link the attacker’s device. Security awareness is going great 🥴📱

#AlphaHunt #CyberSecurity #StarBlizzard #Phishing

ClickFix to Linked-Device Takeovers: Will Star Blizzard Introduce a New Initial-Access Vector by Oct 2026? Fake CAPTCHA ➜ “paste this PowerShell.” 🙃 Linked-device pairing ➜ quiet account takeovers. 👻 Device-code phishing ➜ legit login page, attacker gets tokens. 🔑

“Verify you’re human” = paste PowerShell 🤡 Next: “link your device” and they *are* you. Star Blizzard loves quiet token takeovers. 🔥

Forecast + what to watch (so your MFA isn’t just a comforting bedtime story): blog.alphahunt.io/clickfix-to-...

#AlphaHunt #CyberSecurity #StarBlizzard #Phishing

ClickFix to Linked-Device Takeovers: Will Star Blizzard Introduce a New Initial-Access Vector by Oct 2026? Fake CAPTCHA ➜ “paste this PowerShell.” 🙃 Linked-device pairing ➜ quiet account takeovers. 👻 Device-code phishing ➜ legit login page, attacker gets tokens. 🔑

Nothing says “secure” like a fake CAPTCHA telling staff to paste PowerShell. Next up: Star Blizzard-style linked‑device takeovers strolling past MFA (while OAuth redirects do drive‑bys). 🍀🔒

Read the forecast: blog.alphahunt.io/clickfix-to-...

#AlphaHunt #CyberSecurity #StarBlizzard #Phishing

When your “I’m not a robot” test asks you to paste PowerShell… congrats, you just paired the attacker’s device. Linked-device takeovers = MFA’s new bedtime story 😈🛡️

#AlphaHunt #CyberSecurity #StarBlizzard #Phishing

🚨 Google uncovers LOSTKEYS - new spyware by Russian APT COLDRIVER (aka Star Blizzard). Targets NGOs, journalists & NATO-linked experts. Delivered via fake CAPTCHAs, it steals files & evades detection. A major shift to full device compromise. #LOSTKEYS #CyberSecurity #APT #STARBLIZZARD #Malware

Coldriver utilizza Lostkeys per rubare documenti da governi occidentali, ONG e target strategici tramite malware mirato

#apt #coldriver #evidenza #GoogleCloud #guerracibernetica #lostkeys #malware #ONG #PHISHING #Russia #spionaggioinformatico #StarBlizzard
www.matricedigitale.it/sicurezza-in...

Star Blizzard Targets WhatsApp in New Campaign Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement

スターブリザード、新たなキャンペーンでWhatsAppをターゲットに

Star Blizzard Targets WhatsApp in New Campaign #InfosecurityMagazine (Jan 17)

#StarBlizzard #WhatsApp #ソーシャルエンジニアリング #サイバー攻撃 #アカウント乗っ取り

Star Blizzard hackers abuse WhatsApp to target high-value diplomats Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations,…

スターブリザードのハッカーがWhatsAppを悪用して重要外交官を狙う

Star Blizzard hackers abuse WhatsApp to target high-value diplomats #BleepingComputer (Jan 19)

#StarBlizzard #WhatsApp #スピアフィッシング #サイバー攻撃 #アカウント乗っ取り

How Russian hackers went after NGOs' WhatsApp accounts - Help Net Security Star Blizzard was spotted attempting to compromise WhatsApp accounts of NGO workers through a clever phishing campaign.

ロシアのハッカーがNGOのWhatsAppアカウントを狙った経緯

How Russian hackers went after NGOs’ WhatsApp accounts #HelpNetSecurity (Jan 17)

#StarBlizzard #WhatsAppフィッシング #NGO攻撃 #ロシアハッカー #サイバー攻撃

Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting Star Blizzard shifts to WhatsApp spear-phishing, using QR codes to target diplomats and Ukraine aid. Campaign ended November 2024.

ロシアのスター企業ブリザード、WhatsAppのQRコードを利用して認証情報を収集する戦術に変更

Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting #HackerNews (Jan 16)

#StarBlizzard #スピアフィッシング #WhatsApp #サイバーセキュリティ #ロシア

Russian hackers target WhatsApp accounts of ministers worldwide FSB-linked Star Blizzard attempts to lure email recipients to click on QR code that gives attackers access to account

Gli #hackerrussi prendono di mira gli account #WhatsApp dei #ministri di tutto il #mondo
#StarBlizzard, collegata all' #FSB, tenta di indurre i destinatari delle e-mail a cliccare sul codice QR che consente agli aggressori di accedere all'account
www.theguardian.com/technology/2...

Russia-linked APT Star Blizzard targets WhatsApp accounts The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection.

Russia-linked APT Star Blizzard targets WhatsApp accounts
securityaffairs.com/173165/apt/r...

#Infosec #Security #Cybersecurity #CeptBiro #RussiaLinked #APT #StarBlizzard #WhatsAppAccounts

Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting Star Blizzard shifts to WhatsApp spear-phishing, using QR codes to target diplomats and Ukraine aid. Campaign ended November 2024.

Russian Star Blizzard switches tactics to QR phishing on WhatsApp

"Star Blizzard's targets are most commonly related to government or diplomacy..."

www.microsoft.com/en-us/securi...

#CyberSecurity #WhatsApp #SpearPhishing #Quishing #Russia #StarBlizzard #SEABORGIUM #Ukraine