The Security Service of Ukraine (SSU), in collaboration with the U.S. Federal Bureau of Investigation (FBI), has reportedly uncovered an extensive cyber espionage operation conducted by Russian intelligence. This campaign allegedly sought to compromise messaging accounts belonging to officials and other key individuals across Ukraine, Europe, and the United States.
According to the SSU, the primary objective of these cyber intrusions was to obtain confidential military, political, and economic information. The attackers also aimed to gather personal data from the targeted individuals, the SSU stated in a notice issued via Telegram.
Methods of Attack
The attackers allegedly employed deceptive SMS messages, posing as legitimate support communications from messaging platforms. These messages were designed to trick users into divulging their login credentials, enabling unauthorized access to their accounts.
The SSU highlighted that the malicious activities impacted not only governmental and public figures but also private citizens in Ukraine. The agency did not specify which hacking group was responsible for the attacks. However, similar tactics have been linked to Russian threat groups such as Star Blizzard, UNC5792 (also known as UAC-0195), and UNC4221 (also known as UAC-0185).
Preventive Measures
To mitigate the risk of such threats, users are advised to regularly review the active sessions in their messaging apps and terminate any they do not recognize. Enabling two-factor authentication is recommended, along with not scanning QR codes from unknown sources and never sharing sensitive information such as confirmation codes or passwords.
Separately, the FBI has linked Russian Intelligence Services (RIS) to an ongoing phishing campaign targeting commercial messaging apps. This operation is aimed at high-profile targets and attempts to extract their backup recovery keys through deception.
Recent Developments
In a related event, the Computer Emergency Response Team of Ukraine (CERT-UA) attributed a spear-phishing campaign to a Belarus-aligned group known as UNC1151, also referred to as Ghostwriter or UAC-0057. This campaign involved using compromised accounts to distribute malware, specifically an information stealer identified as OYSTERBLUES.
This series of incidents underscores the persistent threat posed by cyber espionage activities supported by state actors. As the digital landscape continues to evolve, vigilance and proactive security measures remain essential in protecting sensitive information from unauthorized access.
