Industry News & Leadership | Jun 27, 2026

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Hacker News | Archived Jun 27, 2026



Ravie Lakshmanan | Jun 27, 2026 | Messaging Security / Cyber Espionage

The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S.

The systematic cyber attacks aimed at stealing sensitive information from the victims, the agency added.

"The goal of these 'hacks' is to gain access to sensitive military, political, and economic information exchanged by users, as well as to steal their personal data," the agency warned in a post shared on Telegram.

To pull off the operation, the attackers send SMS messages that masquerade as the messaging platform's support bot and urge users to disclose their account credentials.

The SSU noted that these attacks target not only organizations, officials, or public figures, but also personal accounts belonging to Ukrainian nationals. It did not attribute the campaign to a specific hacking group.

However, similar attack waves directly aimed at Signal and WhatsApp messaging app users have been attributed to Russian threat activity clusters tracked as Star Blizzard, UNC5792 (aka UAC-0195), and UNC4221 (aka UAC-0185).

To counter the risk posed by such threats, users are advised to periodically review active messaging app sessions and log out of unknown connections, enable two-factor authentication, refrain from scanning QR codes received from unknown users, not disclose confirmation codes, PIN codes, passwords, or account recovery keys, and avoid clicking on suspicious links or opening files from unknown or dubious chats.

The development comes as the FBI attributed an ongoing commercial messaging application (CMA) phishing campaign to Russian Intelligence Services (RIS) cyber threat actors. The campaign is aimed at high-value targets and seeks to deceive them into handing over their backup recovery keys.

Late last month, the Computer Emergency Response Team of Ukraine (CERT-UA) attributed to the Belarus-aligned threat actor known as UNC1151 (aka Ghostwriter and UAC-0057) a spear-phishing campaign that targeted government organizations using compromised accounts to deliver an information stealer called OYSTERBLUES.