Five Eyes nations warn Moscow's mates at the Star Blizzard gang have new phishing targets
2023-12-08 01:31

In a joint security alert issued on Thursday, seven agencies from Australia, Canada, New Zealand, the US and the UK warned about a criminal gang named Star Blizzard and its evolving phishing techniques.

Beginning in 2022, Star Blizzard also began prodding defense-industrial targets and US Department of Energy facilities.

While US and UK-based targets appear to be most at risk of Star Blizzard's attacks, the Five Eyes say the Kremlin-backed crew has also infiltrated other NATO countries, plus others that share borders with Russia.

Beginning in April 2023, we observed Star Blizzard gradually move away from using hCaptcha servers as the sole initial filter to prevent automatic scanning of their Evilginx server infrastructure.

"As of May 2023, most Star Blizzard registered domains associated with their redirector servers use a DNS provider to obscure the resolving IP addresses allocated to their dedicated VPS infrastructure," Microsoft's researchers wrote.

In another attempt to evade security tools, Star Blizzard typically uses password-protected PDF lures or links to cloud-based file-sharing platforms such as Microsoft OneDrive and Proton Drive.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/08/five_eyes_star_blizzard_warning/