Ukraine and FBI Uncover Russian Social Engineering Campaign Targeting Messaging Accounts
Ukraine's SBU, working with the FBI, has exposed a long-running Russian operation that uses fake tech-support messages to steal credentials for messaging apps from officials and activists across Ukraine, Europe, and the US.
Ukraine's Security Service (SBU) announced on Thursday that it has uncovered, in coordination with the FBI, a sustained Russian campaign to compromise the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the United States. The operation, which has been active for an extended period, aims to steal sensitive military, political, and economic information exchanged through messaging applications, as well as victims' personal data.
The attackers rely on social engineering rather than exploiting technical vulnerabilities in the messaging apps themselves. According to the SBU, one of the most common methods involves sending text messages that impersonate official messaging platform support services, urging users to disclose their account credentials. "The messages are sent in the morning hours, when users are particularly vulnerable due to their physical and emotional state," the SBU said in its statement.
The campaign targeted a broad range of victims, including government institutions, public officials, activists, and ordinary Ukrainian citizens. The SBU did not identify which Russian intelligence service is responsible, nor did it specify which messaging platforms were primarily targeted or how many victims have been affected. The FBI did not immediately respond to a request for comment.
This disclosure follows a series of warnings from Ukraine and Western intelligence agencies about Russian efforts to compromise secure messaging platforms used by government and military personnel. Earlier this year, Dutch intelligence agencies warned that Russian state-backed hackers were conducting a global campaign to hijack Signal and WhatsApp accounts belonging to government officials, diplomats, and military personnel. In those attacks, the perpetrators typically posed as customer support workers to trick victims into sharing one-time verification codes or PINs.
Ukraine has previously reported Russian espionage operations targeting messaging applications used by its military, including campaigns involving data-stealing malware and attempts to extract encrypted Telegram and Signal communications from mobile phones captured on the battlefield. The latest SBU disclosure underscores the persistent and evolving nature of Russian cyber espionage tactics, which increasingly focus on compromising communication channels rather than exploiting software flaws.
The SBU's collaboration with the FBI highlights the international scope of the threat and the importance of cross-border intelligence sharing. The campaign's targeting of individuals across multiple countries suggests a coordinated effort to gather intelligence on a wide range of geopolitical and military matters. As messaging apps become integral to both personal and professional communication, such social engineering attacks pose a significant risk to national security and individual privacy.
Organizations and individuals are advised to remain vigilant against unsolicited messages requesting credentials or verification codes, even if they appear to come from legitimate support services. Enabling multi-factor authentication and using unique, strong passwords can help mitigate the risk of account compromise. The SBU's warning serves as a reminder that the human element remains the most vulnerable link in cybersecurity, and that attackers will continue to exploit it.