WhatsApp targeted by Russian hackers seeking data on Ukraine

SAN FRANCISCO – A hacking group linked to Russia’s government tried stealing WhatsApp data of employees at non-governmental organisations offering assistance to Ukraine, according to Microsoft Corp.

Attackers associated with Russia’s Federal Security Service, or FSB, sent e-mails to specific targets asking them to join WhatsApp groups, Microsoft researchers said in a blog post Jan 16.

The phishing messages often appeared to be from a US government official and contained a QR code that purportedly would provide details about initiatives meant to support Ukraine in its ongoing war against Russia.

Microsoft didn’t say whether any of the attempted intrusions resulted in successful breaches.

The cyber attacks were linked to Star Blizzard, an allegedly state-backed hacking group, according to Microsoft.

The US Justice Department has seized or taken down 180 websites associated with the group since October with the help of Microsoft, the Redmond, Washington-based company said. 

A WhatsApp spokesperson said in a statement the company protects personal conversations with end-to-end encryption, and encouraged users only to click on links from people they know and trust.

The Russian Embassy in Washington did not immediately respond to a request for comment.

The US Cybersecurity and Infrastructure Security Agency, or Cisa, in December said the Star Blizzard group is “almost certainly” linked to Russia’s FSB, citing the group’s history trying to compromise American and British politicians, academics and people in the defence sector.

Star Blizzard specialises in researching potential targets on social media, finding their professional contacts and creating email accounts that masquerade as their trusted associates, Cisa said. BLOOMBERG