The Security Service of Ukraine (SSU) said it, together with the US Federal Bureau of Investigation (FBI), exposed a long-running campaign by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians and activists in Ukraine, Europe and the US.
The systematic cyber attacks aim to steal sensitive information from victims, the agency said.
“The goal of these ‘hacks’ is to gain access to sensitive military, political and economic information exchanged by users, as well as steal their personal data,” the agency warned in a post shared on Telegram.
To carry out the operation, the attackers send SMS messages that pose as the messaging platform’s support bot and urge users to disclose their account credentials.
The SSU said that these attacks target not only organizations, officials or public figures, but also the personal accounts of Ukrainian citizens. It did not attribute the campaign to any specific hacking group.
However, similar attack waves targeted directly at Signal and WhatsApp messaging app users have been attributed to Russian threat activity groups tracked as Star Blizzard, UNC5792 (aka UAC-0195), and UNC4221 (aka UAC-0185).
To counter the risk posed by such threats, it is advised to periodically review active messaging app sessions and log out from unknown connections, enable two-factor authentication, avoid scanning QR codes received from unknown users, not disclose confirmation codes, PIN codes, passwords and account recovery keys, and not click on suspicious links or open files from unknown or suspicious chats.
The development comes as the FBI blamed cyber threat actors from the Russian Intelligence Services (RIS) for an ongoing commercial messaging application (CMA) phishing campaign aimed at deceiving high-value targets into handing over their backup recovery keys.
Late last month, Ukraine’s Computer Emergency Response Team (CERT-UA) attributed a spear-phishing campaign that targeted government organizations, using compromised accounts to distribute an information stealer called OYSTERBLUES, to a Belarus-aligned threat actor known as UNC1151 (aka Ghostwriter and UAC-0057).