Russia's intelligence services conducted a sustained operation to compromise messaging accounts belonging to Ukrainian government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States. The Security Service of Ukraine (SSU) and the FBI jointly uncovered the campaign, which relied on phishing tactics disguised as legitimate support communications.
Attackers sent fake text messages impersonating customer support from messaging platforms, prompting targets to disclose their account credentials. The operation demonstrates a shift toward social engineering rather than technical exploits. By posing as legitimate service providers, the threat actors got past the security awareness of high-value targets who might otherwise have recognized direct phishing attempts.
The campaign targeted multiple victim categories. Ukrainian government and military personnel represent primary intelligence collection targets for Russian state actors. Targeting European officials and U.S. citizens involved in policy toward Ukraine or Eastern Europe expands the scope of the espionage. Activists and civil society figures likely face targeting due to their influence on public opinion and international support networks.
Compromised messaging accounts provide adversaries direct access to sensitive communications, contact networks, and operational planning details. For military and government officials, account compromise enables surveillance of strategic discussions and identification of intelligence sources. Activist accounts reveal donor networks, organizational structures, and coordination methods.
The SSU and FBI investigation confirms Russian state involvement through operational patterns, timing, and targeting priorities consistent with known Russian intelligence objectives. The reliance on credential theft rather than zero-day exploits suggests adversaries prioritize speed and scale over technical sophistication.
Organizations and individuals should enforce multi-factor authentication on all messaging accounts, particularly those containing sensitive communications. Security teams should train personnel to verify support requests through official channels before providing credentials. Messaging platforms should implement additional authentication requirements for account recovery processes. Intelligence agencies should expect continued Russian targeting of critical infrastructure operators, policy makers, and security professionals in allied nations.
