VulnHub

Real-time Cybersecurity News

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Hacker News
Actively Exploited
Critical

Overview

The Security Service of Ukraine (SSU) and the FBI have exposed a campaign by Russian intelligence aimed at infiltrating the messaging accounts of various individuals, including government officials, military personnel, and activists in Ukraine, Europe, and the U.S. The attackers used fake support texts to trick victims into revealing their messaging credentials. This operation is part of a broader strategy to gather sensitive information and undermine trust among key figures in these regions. The implications are significant, as such breaches can lead to the exposure of critical communications and potentially jeopardize national security and public safety.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Messaging accounts of government officials, military personnel, politicians, and activists.
  • Action Required: Users should enable two-factor authentication on their messaging accounts and be cautious of unsolicited messages that appear to be from support services.
  • Timeline: Ongoing since the campaign was uncovered

Original Article Summary

The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive

Impact

Messaging accounts of government officials, military personnel, politicians, and activists.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since the campaign was uncovered

Remediation

Users should enable two-factor authentication on their messaging accounts and be cautious of unsolicited messages that appear to be from support services.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The latest Security Affairs newsletter includes a warning from the FBI about Russian intelligence agencies utilizing Signal Recovery Keys to intercept and access private messages. This development raises concerns for individuals and organizations relying on encrypted communication for privacy. The hospitality sector has also been noted as a target, suggesting that attackers are expanding their focus beyond traditional sectors. These incidents emphasize the need for vigilance in cybersecurity practices, especially in industries handling sensitive information. Organizations should reassess their security measures to better protect against such sophisticated tactics.

Jun 28, 2026

Data breach exposes up to 14.2 million email logins at six ISPs

BleepingComputer

KDDI Corporation, a major telecommunications provider in Japan, has reported a significant data breach affecting its email system, which is also used by five other internet service providers (ISPs). The breach has exposed up to 14.2 million email logins, putting users' personal information at risk. KDDI did not specify how the attackers gained access or whether any sensitive data beyond email logins was compromised. This incident raises concerns about the security measures in place at ISPs and the potential for increased phishing attacks targeting affected users. As the investigation continues, users are advised to change their passwords and remain vigilant against suspicious communications.

Jun 28, 2026

Chinese Framework Powers 200,000 Scam Sites

SecurityWeek

A recent report reveals that over 200,000 scam websites are using templates generated by a legitimate Chinese framework called DCloud Uni-App. Attackers are exploiting this toolkit to create investment scam sites that trick users into giving away money. This issue is significant because it highlights how easily legitimate software can be misused for fraudulent purposes, putting countless individuals at risk. As these scams proliferate, it becomes crucial for internet users to be vigilant and recognize potential red flags in online investment opportunities. Companies and regulators need to consider stronger measures to combat such deceptive practices.

Jun 27, 2026

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

darkreading

Recent breaches involving third-party vendors have put educational institutions on high alert regarding the security of student data. As ransomware attacks become more common, schools and universities are increasingly recognizing the risks associated with relying on external vendors for services. These incidents have revealed vulnerabilities that can expose sensitive information, prompting institutions to strengthen their cybersecurity measures. The need for schools to assess and manage vendor risk is more crucial than ever, as attackers often target less secure third-party systems to gain access to larger networks. This situation not only threatens the privacy of students but also can lead to significant financial and reputational damage for educational organizations.

Jun 27, 2026

2 Linux kernel flaw PoCs published, enabling local privilege escalation

SCM feed for Latest

Recently, two proof-of-concept (PoC) exploits for vulnerabilities in the Linux kernel have been published, enabling local privilege escalation. One of these flaws is known as DirtyClone, which is related to the DirtyFrag vulnerability class. These vulnerabilities could allow attackers with local access to escalate their privileges, potentially gaining control over sensitive system functions. This is particularly concerning for systems that rely heavily on Linux, as it could lead to unauthorized access to critical data and services. Users and administrators should be aware of these vulnerabilities and take necessary precautions to secure their systems against potential exploitation.

Jun 26, 2026

4 arrested in Poland for SIM-swapping and cryptocurrency theft

SCM feed for Latest

Four individuals were arrested in Poland for their involvement in a SIM-swapping scheme that led to cryptocurrency theft. This operation was a joint effort between Poland's Cybercrime Bureau and various U.S. agencies, including the FBI and Homeland Security Investigations. The suspects are accused of breaching telecommunications companies and hijacking email accounts to gain unauthorized access to victims' cryptocurrency wallets. This incident underscores the ongoing risks associated with SIM-swapping, where attackers manipulate mobile phone accounts to intercept sensitive information. As cryptocurrency continues to grow in popularity, the need for enhanced security measures is becoming increasingly important for users and service providers alike.

Jun 26, 2026