The Security Service of Ukraine (SSU) revealed a coordinated campaign by Russian intelligence to steal sensitive data from government officials, military personnel, and activists in Ukraine, Europe, and the United States. Working with the FBI, Ukrainian authorities uncovered a systematic cyberattack that sent fake SMS messages posing as official support bots from messaging platforms. The goal was to trick victims into handing over account credentials, which would give the attackers access to sensitive military, political, and economic information.
How the Attack Operated
Attackers sent text messages designed to look like they came from a messaging app’s support team. These messages urged recipients to provide their account credentials. The SSU noted that this campaign targeted not only official organizations and public figures but also the personal accounts of ordinary Ukrainian citizens. While no specific hacking group was named, similar attacks against Signal and WhatsApp users in the region have been linked to Russian threat clusters like Star Blizzard, UNC5792, and UNC4221.
Recommended Defenses and Impact
To protect against this threat, users are advised to regularly review active messaging app sessions, log out of unknown connections, enable two-factor authentication, and avoid scanning QR codes from unknown senders. The SSU also warned against sharing confirmation codes, PINs, passwords, or account recovery keys. This warning follows a separate FBI alert about Russian intelligence actors using phishing on commercial messaging apps to steal backup recovery keys from high-value targets. The campaign underscores ongoing cyber espionage tactics targeting both government and civilian digital communications in the region.
Source: The Hacker News
