🟠 High | Source: The Hacker News
Russian intelligence services conducted a sustained campaign using fake technical support text messages to steal messaging app credentials from Ukrainian and Western government officials, military personnel, and activists. The operation was uncovered jointly by Ukraine’s Security Service (SSU) and the FBI. The campaign highlights the ongoing use of social engineering as a vector to compromise sensitive communications outside traditional IT environments.
Security Architect’s Take: Ensure your organisation enforces phishing-resistant MFA (such as hardware security keys or passkeys) on all messaging and collaboration platforms, and implement policies that prohibit the use of personal or unmanaged messaging apps for sensitive communications. Review whether privileged users are adequately trained to identify smishing lures impersonating IT support.
Original advisory: Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials