Russian FSB's 'Star Blizzard' Extends Spear-Phishing Campaigns Across the Globe

Star Blizzard, a Russia-based actor linked to the Russian Federal Security Service (FSB) Centre 18, now conducts successful spear-phishing attacks around the globe, primarily targeting academia, defense, government entities, NGOs, think tanks, and politicians.

In 2022, their focus expanded to defense-industrial targets and US Department of Energy facilities. To prepare a spear-phishing attempt, they meticulously research targets on open-source platforms, including social media and professional networks, and create realistic email accounts and fake profiles to establish trust. Star Blizzard prefers targets' personal email addresses and often builds rapport with a target before delivering malicious links.

When a target clicks the malicious link, they are directed to an actor-controlled server, where their credentials are compromised. Star Blizzard then accesses the victim's email account, steals information, and sets up mail-forwarding rules to monitor the victim's activity and maintain persistent access to the victim's email, even after the compromised credentials are reset. Star Blizzard's evolving spear-phishing techniques pose a persistent threat. Vigilance is crucial for individuals and organizations in targeted sectors.
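A defender-side check for the forwarding-rule persistence described above, as an added example that is not part of the original article: it scans exported mailbox audit records for inbox rules or mailbox settings that forward mail to an outside domain. The record layout (modeled on Exchange Online audit entries), the `example.org` internal domain, and the sample log lines are assumptions constructed for illustration.

```python
import json

# Exchange Online cmdlets and parameters that make mail leave a mailbox.
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo",
                  "ForwardingSmtpAddress"}
INTERNAL_DOMAINS = {"example.org"}  # assumption: the organization's own domains

# Constructed sample records (one JSON object per line), not real log data.
SAMPLE_LOG = """\
{"CreationTime":"2024-01-10T08:01:00","Operation":"New-InboxRule","UserId":"alice@example.org","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"smtp:archive@mail-relay.example.net"}]}
{"CreationTime":"2024-01-10T09:15:00","Operation":"New-InboxRule","UserId":"bob@example.org","Parameters":[{"Name":"ForwardTo","Value":"colleague@example.org"}]}
{"CreationTime":"2024-01-11T02:40:00","Operation":"Set-Mailbox","UserId":"carol@example.org","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:carol.backup@webmail.example.com"}]}
{"CreationTime":"2024-01-11T03:00:00","Operation":"New-InboxRule","UserId":"dave@example.org","Parameters":[{"Name":"MoveToFolder","Value":"Newsletters"}]}
not-json garbage line
"""


def external_targets(value):
    """Return addresses in a parameter value whose domain is not internal."""
    found = []
    for addr in str(value).split(";"):      # a rule may list several recipients
        addr = addr.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found


def find_external_forwarding(lines):
    """Return (time, acting user, operation, address) for each external forward."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                          # skip blank or malformed lines
        if not isinstance(rec, dict) or rec.get("Operation") not in RULE_OPS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") in FORWARD_PARAMS:
                for addr in external_targets(param.get("Value", "")):
                    findings.append((rec.get("CreationTime"), rec.get("UserId"),
                                     rec["Operation"], addr))
    return findings


if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_LOG.splitlines()):
        print(*finding)
```

Any hit should be reviewed and the rule removed during account recovery, since resetting the password alone leaves the forward in place.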



