← Back to blog

Russian Intelligence Deploys Fake Support Texts to Compromise Messaging Accounts

Ukrainian and U.S. authorities uncovered a sustained campaign by Russian intelligence using SMS-based social engineering to steal credentials from government, military, and activist messaging accounts. The operation targeted officials across Ukraine, Europe, and the United States.

TL;DR

  • Russian intelligence orchestrated a long-running credential theft campaign using fraudulent SMS messages impersonating support services
  • Targets included Ukrainian government officials, military personnel, politicians, and activists across multiple countries
  • The FBI and Security Service of Ukraine (SSU) jointly investigated and disclosed the coordinated attack infrastructure
  • Fake support texts directed victims to credential-harvesting pages designed to compromise messaging platforms
  • Organizations should implement SMS-resistant authentication and train staff on social engineering tactics

The Security Service of Ukraine and the Federal Bureau of Investigation have disclosed a sophisticated, sustained cyber operation attributed to Russian intelligence services. The campaign relied on social engineering via SMS to compromise messaging accounts belonging to high-value targets including government officials, military personnel, elected representatives, and civil society activists across Ukraine, Europe, and the United States.

This attack demonstrates the continued reliance on credential theft as a foundational technique in state-sponsored cyber operations. By impersonating legitimate support services through text messages, threat actors bypassed technical controls and exploited human trust to gain unauthorized access to sensitive communications channels.

Attack Method and Scope

  • Threat actors sent fraudulent SMS messages posing as support services for messaging platforms
  • Fake texts directed victims to credential-harvesting websites designed to capture login credentials
  • Campaign targeted high-value individuals: government officials, military command staff, politicians, and civil society leaders
  • Geographic scope included Ukraine, European nations, and the United States
  • Operation was systematic and long-running, indicating sustained resource allocation by state actors

Security Implications for Organizations

  • SMS-based social engineering remains effective against high-profile targets despite awareness campaigns
  • Messaging platform credentials provide access to sensitive communications and operational intelligence
  • Multi-factor authentication alone is insufficient if SMS is used as a secondary factor in phishing scenarios
  • Government and critical infrastructure organizations face elevated risk from state-sponsored credential theft
  • User training on SMS-based social engineering and verification procedures is essential

Defensive Recommendations

  • Implement hardware security keys or authenticator apps instead of SMS-based two-factor authentication
  • Deploy email and SMS filtering to block known phishing domains and spoofed sender addresses
  • Conduct regular security awareness training focused on social engineering and credential theft tactics
  • Monitor messaging platform access logs for anomalous login patterns or geographic inconsistencies
  • Establish incident response procedures for suspected credential compromise

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

Russian Intelligence Deploys Fake Support Texts to Compromise Messaging Accounts — Agent Breach Blog | Agent Breach