Russian Intelligence Services Phish Messaging Credentials
The Security Service of Ukraine (SSU) and the U.S. Federal Bureau of Investigation (FBI) have uncovered a systematic, long-running cyber espionage campaign orchestrated by Russian Intelligence Services (RIS). This extensive operation primarily targets government officials, military personnel, politicians, and activists across Ukraine, European countries, and the U.S., along with personal accounts belonging to Ukrainian nationals. The objective of these attacks is to exfiltrate sensitive military, political, and economic intelligence, and personal data by compromising popular messaging platforms like Signal and WhatsApp.
The RIS uses SMS phishing tactics, sending messages that impersonate official messaging platform support bots. These deceptive messages coerce targets into divulging their account credentials and critical backup recovery keys. Attribution for similar attack waves has been linked to Russian threat activity clusters, including Star Blizzard, UNC5792 (also known as UAC-0195), and UNC4221 (also known as UAC-0185).
This coordinated disclosure by the SSU and FBI shows the persistent and widespread nature of state-sponsored cyber threats aimed at compromising secure communication channels. The campaign's reliance on social engineering to bypass existing security measures demonstrates why heightened vigilance is needed against seemingly innocuous digital communications. The scope of targeted individuals and regions shows the strategic value of acquiring intelligence from high-value targets across geopolitical lines.
How do Russian Intelligence Services compromise messaging accounts?
Russian Intelligence Services (RIS) compromise messaging accounts primarily through well-crafted SMS phishing messages designed to mimic legitimate support communications from platforms like Signal and WhatsApp. These messages instruct users to disclose their account credentials or, in some cases, their backup recovery keys. This method exploits user trust and a lack of awareness regarding typical platform support procedures.
The attack chain avoids technical exploits against the messaging applications themselves, instead using human factors to gain unauthorized access. Once credentials or recovery keys are obtained, attackers gain full access to private conversations, shared media, and contact lists, enabling extensive intelligence gathering. The SSU warned that such attacks target a broad spectrum of individuals, including organizational members, public figures, and private citizens, showing they cast a wide net for valuable information.
Associated threat clusters, specifically Star Blizzard, UNC5792 (also known as UAC-0195), and UNC4221 (also known as UAC-0185), have been previously linked to similar campaigns. These groups have historically focused on credential theft and espionage, aligning with the objectives identified in the current operation. The use of backup recovery keys represents a potent vector, as it can allow long-term access and recovery of historical data even if the primary account password is changed.
Can AI coding agents inadvertently run malware from seemingly clean repositories?
Yes, AI coding agents can be tricked into executing malicious payloads from seemingly clean GitHub repositories, a concept demonstrated by researchers at Mozilla's Zero Day Investigative Network (0DIN). Their research illustrates an attack method where an agentic coding tool, such as Claude Code, cloned a benign-looking repository and subsequently executed an attacker-controlled shell script without explicit user approval or any suspicious indicators in the repository itself.
The attack unfolds in a multi-stage process:
- An attacker creates a clean GitHub repository with standard setup instructions (e.g.,
pip3 install -r requirements.txt). - A Python package within this repository is designed to refuse execution initially, prompting an error message that instructs the user (or AI agent) to run a specific initialization command, such as
python3 -m axiom init. - Claude Code, attempting to resolve the error automatically, executes the suggested
python3 -m axiom initcommand. - This command then calls a shell script that retrieves a configuration value from a DNS TXT record controlled by the attacker and executes it as a command on the developer's system.
This novel approach plants an interactive shell on the developer's device, providing access to sensitive environment variables, API keys, and local configuration files. The 0DIN researchers explain that the attack involves no direct exploit code and no explicit malicious commands that would raise immediate suspicion. The entire chain is automated by the AI agent's error-recovery mechanism.
While currently a conceptual demonstration, 0DIN warns that threat actors could easily disseminate such malicious repositories through fake job postings, technical tutorials, blog posts, or direct messages. This method represents a supply chain attack vector against the growing ecosystem of AI-powered development tools, using the inherent trust in seemingly legitimate development workflows. For broader context on how AI is increasingly intertwined with software supply chain threats, consider research on worms targeting development platforms, such as the Miasma worm's attacks on AI, GitHub, and PyPI. Mitigating this threat requires AI agents to implement transparent disclosure of the full execution chain for setup commands, including dynamically fetched scripts and code.
Which Belarus-aligned threat actor distributes the OYSTERBLUES info stealer?
The Computer Emergency Response Team of Ukraine (CERT-UA) attributed the distribution of the OYSTERBLUES information stealer to UNC1151, also known as Ghostwriter and UAC-0057. This Belarus-aligned threat actor has been observed conducting spear-phishing campaigns targeting Ukrainian government organizations. The campaigns use compromised accounts to deliver the OYSTERBLUES malware, aiming to exfiltrate sensitive data from the targeted entities.
UNC1151 is recognized for its persistent cyber espionage activities, often aligning with Belarusian government interests and affecting targets critical to Ukrainian national security. Their modus operandi frequently involves advanced social engineering and the exploitation of trusted channels to deliver malware. The use of already compromised accounts in these spear-phishing campaigns lends an air of legitimacy to the malicious emails, increasing the likelihood of victims interacting with the payload.
The OYSTERBLUES info stealer is designed to collect a wide array of sensitive data from infected systems, which typically includes credentials, system information, and documents. The continuous targeting of government organizations with such tools indicates a strategic effort to maintain persistent access and gather intelligence. Defenses against UNC1151's tactics often rely on strong email security, multi-factor authentication, and complete user training against phishing attempts, particularly those originating from seemingly legitimate internal or trusted external sources.
What is the FortiBleed campaign and its impact on FortiGate devices?
The FortiBleed campaign is a significant credential harvesting operation that has targeted FortiGate firewalls globally, impacting at least 86,644 FortiGate devices. This campaign successfully harvested an estimated 110 million credentials, a substantial volume indicative of a widespread and effective attack vector. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings to Fortinet customers regarding this ongoing threat.
The specifics of the vulnerability or method exploited by the FortiBleed campaign were not explicitly detailed beyond its focus on FortiGate firewalls and its credential harvesting objective. However, the scale of compromised credentials suggests a vulnerability that allowed broad access to device management interfaces or user authentication mechanisms. Such an operation could lead to further network intrusion, data exfiltration, or the establishment of persistent access within victim environments.
The CISA warning shows the critical need to address the risks posed by FortiBleed. Organizations utilizing FortiGate products are urged to implement security best practices, including regular patching, strong, unique passwords, multi-factor authentication for all administrative interfaces, and continuous monitoring for suspicious activity. The large number of affected devices and harvested credentials indicate that the campaign's impact could be extensive across various sectors and geographies.
How was the Cisco Catalyst SD-WAN zero-day exploited in the wild?
A zero-day vulnerability, CVE-2026-20245, affecting Cisco Catalyst SD-WAN solutions has been actively exploited, allowing attackers to gain root access to affected devices. Mandiant researchers revealed details concerning the exploitation of this critical flaw. While the specific threat actors involved were not publicly named, the nature of the target and the exploit capability often points to advanced adversaries.
The exploitation of CVE-2026-20245 provides attackers with the highest level of administrative privileges, root access, on the compromised Cisco Catalyst SD-WAN devices. Gaining root access allows attackers to fully control the device, including manipulating network traffic, establishing persistence, and using the device as a pivot point for further lateral movement into the victim's network infrastructure. This level of compromise poses a severe threat to network integrity and data confidentiality.
Cisco Catalyst SD-WAN products are widely used by enterprises to manage distributed network environments. A zero-day exploit in such a key network component can have far-reaching consequences, potentially disrupting critical business operations and exposing sensitive data. Organizations relying on Cisco Catalyst SD-WAN were advised to apply available patches and closely monitor their systems for any indicators of compromise associated with CVE-2026-20245.
Technical Takeaways
- Russian Intelligence Services (RIS) continue to conduct advanced, long-running SMS phishing campaigns targeting government, military, and political figures in Ukraine, European countries, and the U.S.
- Threat actors use deceptive "support bot" messages to trick users of Signal and WhatsApp into divulging account credentials and backup recovery keys for intelligence gathering.
- Mozilla's Zero Day Investigative Network (0DIN) demonstrated a novel attack where Claude Code and similar AI coding agents can be manipulated into executing malicious shell scripts from seemingly clean GitHub repositories through automated error recovery.
- The Belarus-aligned group UNC1151 (aka Ghostwriter and UAC-0057) actively employs spear-phishing tactics using compromised accounts to deliver the OYSTERBLUES information stealer to Ukrainian government organizations.
- The FortiBleed campaign has harvested 110 million credentials from 86,644 FortiGate devices, prompting a CISA warning about widespread credential compromise.
- A zero-day vulnerability, CVE-2026-20245, in Cisco Catalyst SD-WAN has been exploited in the wild to achieve root access on affected devices.
