A coordinated campaign by Russian intelligence services to compromise the messaging accounts of officials and public figures in Ukraine, Europe, and the US has been uncovered by Ukraine's Security Service (SBU) and the Federal Bureau of Investigation (FBI). The cyberattacks aim to gain access to sensitive military, political, and economic information exchanged through messaging platforms, as well as steal users' personal data. This sophisticated social engineering campaign highlights the ongoing threat to secure communication channels.
What Happened
The SBU and FBI have revealed a long-running Russian cyber campaign targeting the messaging accounts of government officials, military personnel, politicians, activists, and ordinary citizens in multiple countries. The attackers used various phishing techniques, including sending fake support messages that appear to originate from official services, to trick victims into revealing their account credentials. These messages are often sent during early morning hours when users may be more susceptible to manipulation due to their physical and emotional condition.
The SBU reported that Russian hackers employ a range of tools and tactics to carry out the operations. One of the most frequently used methods involves sending text messages that appear to originate from official support services in an effort to obtain account passwords. The agency warned that such messages are often disguised as communications from legitimate bots or technical support systems.
Background and Context
This is not the first time Ukraine has reported Russian espionage operations targeting messaging applications used by its military, including campaigns involving data-stealing malware and attempts to extract encrypted Telegram and Signal communications from mobile phones captured on the battlefield. Earlier this year, Dutch intelligence agencies warned that Russian state-backed hackers were conducting a global campaign to hijack Signal and WhatsApp accounts belonging to government officials, diplomats, and military personnel.
The attackers typically posed as customer support workers to trick victims into sharing one-time verification codes or PINs. This type of social engineering attack is particularly effective because it preys on users' trust in official communication channels. The fact that Russian intelligence services are using such tactics highlights the sophistication and adaptability of their cyber operations.
Why It Matters to the Industry
59,416 page views