- The Security Service of Ukraine and FBI uncovered a long-running Russian cyber-espionage campaign targeting officials and activists worldwide.
- Attackers used SMS phishing to impersonate messaging platform support bots and steal user credentials.
- Known threat clusters like Star Blizzard, UNC5792, and UNC4221 have previously conducted similar operations.
- Users are advised to enable two-factor authentication, review active sessions, and avoid sharing recovery keys.
In a joint international operation revealed on June 27, 2026, the Security Service of Ukraine and the U.S. Federal Bureau of Investigation uncovered a systematic, long-running cyber campaign orchestrated by Russian intelligence services. This operation targeted the messaging accounts of government, military, and political figures in Ukraine, Europe, and the United States to steal sensitive information.
The attackers executed their plan by sending deceptive SMS messages that posed as official support bots. Consequently, these messages tricked victims into disclosing their account credentials, as the agency warned in a Telegram post.
However, similar attack patterns have been previously linked to Russian threat groups tracked as Star Blizzard, UNC5792, and UNC4221. Meanwhile, the FBI has also attributed an ongoing commercial messaging application phishing campaign to Russian Intelligence Services actors.
Consequently, security experts strongly advise enabling two-factor authentication and regularly reviewing active sessions. Users should also never disclose confirmation codes, PINs, or account recovery keys from unsolicited contacts.
This development follows another recent campaign, which CERT-UA attributed to the Belarus-aligned actor UNC1151. That operation used compromised accounts to deliver a malware called OYSTERBLUES to government targets.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
