Russian-linked Star Blizzard APT targeted Reporters Without Borders using sophisticated phishing campaigns involving compromised ProtonMail accounts. The group also attempted to compromise ProtonMail accounts with a custom phishing kit capable of relaying two-factor authentication. #StarBlizzard #UNC4057
Keypoints
- Star Blizzard conducted targeted spear-phishing campaigns against NGOs, journalists, and government entities.
- The attacks used spoofed contacts, fake documents, and theme-based lures related to peace negotiations.
- The hackers exploited ProtonMail's security features using a custom phishing kit with adversary-in-the-middle techniques.
- They employed a malicious JavaScript injection method to capture ProtonMail credentials by mimicking the login page.
- Star Blizzard has been active since 2019, with recent links to Russia's FSB and use of LostKeys malware in attacks.
Read More: https://www.securityweek.com/reporters-without-borders-targeted-by-russian-hackers/