Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
Ukraine says Russian intelligence used fake messaging-app “support” texts to phish credentials and verification codes and hijack accounts.
What’s new: According to The Hacker News, Ukrainian authorities say Russian intelligence operators ran a phishing campaign that impersonated messaging-app support teams over SMS. The fake “support” texts pressured targets into revealing login credentials and one-time verification codes, letting the attackers hijack accounts and read private communications.
Who’s affected
The campaign focused on individuals of interest in Ukraine, but the technique — credential-stealing smishing that impersonates a trusted service desk — is a threat to any messaging-app user. Once an attacker obtains a verification code or session, they can take over the account and potentially impersonate the victim to reach their contacts.
What to do
- Never share one-time codes or verification links with anyone — legitimate support teams will not ask for them.
- Treat unsolicited “support” texts with suspicion, especially those creating urgency; verify through the app’s official channels.
- Enable app-level protections such as a registration/PIN lock and two-step verification on your messaging accounts.
- Review active sessions and linked devices periodically, and remove any you don’t recognize.
