Ukraine and FBI Uncover Russian Intelligence Phishing Campaign Targeting Messaging Accounts

The Security Service of Ukraine, in collaboration with the FBI, has revealed a phishing campaign by Russian intelligence aimed at stealing messaging credentials from officials and civilians alike.

The Security Service of Ukraine (SSU), alongside the U.S. Federal Bureau of Investigation (FBI), has disclosed a persistent phishing campaign orchestrated by Russian intelligence services. This operation targets the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States.

According to the SSU, the primary objective of these cyber attacks is to extract sensitive information, including military, political, and economic data, as well as personal details from the victims. In a post shared on Telegram, the SSU stated: “The goal of these ‘hacks’ is to gain access to sensitive military, political, and economic information exchanged by users, as well as to steal their personal data.”

Methodology of the Attack

The attackers send SMS messages that appear to come from the messaging platform’s support bot. These messages prompt users to reveal their account credentials, which gives the attackers unauthorized access to the accounts.

Scope of the Campaign

The SSU indicated that the phishing attempts are not limited to public figures and organizations; they also encompass personal accounts belonging to Ukrainian citizens. While the campaign has not been attributed to a specific hacking group, it bears similarities to previous attack waves targeting users of messaging applications such as Signal and WhatsApp. These earlier incidents have been linked to Russian threat activity clusters identified as Star Blizzard, UNC5792 (also known as UAC-0195), and UNC4221 (also known as UAC-0185).

Recommendations for Users

In light of these threats, users are advised to take several precautions. These include regularly reviewing active messaging app sessions and logging out of any unknown connections, enabling two-factor authentication, not scanning QR codes from unknown sources, and never sharing confirmation codes, PINs, passwords, or recovery keys. Additionally, users should exercise caution when clicking on links or opening files from unfamiliar chats.

Related Threats

In a related context, the FBI has linked Russian intelligence actors to an ongoing phishing campaign targeting high-value individuals through commercial messaging applications. This campaign aims to deceive victims into providing their backup recovery keys. Furthermore, the Computer Emergency Response Team of Ukraine (CERT-UA) recently attributed a spear-phishing campaign to a Belarus-aligned threat actor known as UNC1151 (also referred to as Ghostwriter and UAC-0057), which targeted government organizations using compromised accounts to distribute an information stealer called OYSTERBLUES.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

NOVA-Δ
