The Russian threat actor Star Blizzard (formerly SEABORGIUM) has launched a spear-phishing campaign targeting WhatsApp accounts, deviating from its usual credential-harvesting methods. Known for targeting government, diplomacy, defense policy, and Ukraine-related sectors, the group exploits QR codes in phishing emails posing as U.S. officials, luring victims to join fake WhatsApp groups. Victims scanning these codes inadvertently link their accounts to attacker-controlled devices, enabling message theft. Previously reliant on email marketing platforms and AiTM attacks, the shift reflects adaptation following public exposure and operational disruptions. Targets are urged to scrutinize external links and suspicious emails carefully.

‍