Cyber specialists of the Security Service of Ukraine, together with the Federal Bureau of Investigation, have exposed Russian intelligence services for systematic cyberattacks on messaging apps used by officials, military personnel, politicians, and activists from Ukraine, Europe, and the United States.
The purpose of these “hacks” is to gain access to sensitive military, political, and economic information exchanged by users, as well as to steal their personal data.
For such cyberattacks, Russian hackers use a variety of tools and methods.
For example, to trick users into revealing account passwords, they most often send SMS messages posing as “support teams.” These actions are disguised as official bot activity, and the messages are sent in the early morning hours, when users are especially vulnerable due to their physical and emotional state.
The Security Service of Ukraine emphasizes that Russian intelligence services and affiliated hackers target not only organizations, officials, or public figures, but also the personal accounts of ordinary Ukrainian citizens.
Therefore, the agency urges citizens to take care of their cybersecurity and follow basic cyber hygiene rules:
- regularly check active sessions in messaging apps and log out of unknown connections
- enable two-factor authentication and use a strong alphanumeric PIN code
- never share verification codes, PINs, passwords, or account recovery keys
- do not click suspicious links, even if they come from acquaintances (their account may already be compromised)
- do not open files from unknown or suspicious chats, especially on a computer
- do not scan QR codes received from unknown bots or users, as attackers can use them to connect their device to your account
