Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive

According to Ukraine’s Security Service and the FBI, Russian intelligence ran a long-running social engineering campaign that sent fake support SMS messages to steal credentials for encrypted messaging apps used by officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S.[1][8] The goal was to gain access to sensitive military, political, and economic information, as well as personal data, by tricking users into sharing login details and confirmation codes.[1] For CyberSE.AI, this illustrates how AI-enabled or AI-assisted agents integrated with messaging or communications workflows could be abused as a covert exfiltration channel if their authentication flows, session handling, or notifications can be mimicked or hijacked by attackers. Organizations deploying AI agents around sensitive communications should use continuous red teaming to simulate credential phishing against agent interfaces, harden identity and session management, require strong multi-factor authentication, and ensure agents never request or store raw authentication secrets or recovery codes.