The UK National Cyber Security Centre has warned of increasing attempts by Russia-based actors to target individuals via messaging apps, including WhatsApp, Signal and Messenger.
The alert, issued alongside international partners, highlights a rise in malicious activity aimed at compromising accounts belonging to high-risk individuals, including those with access to sensitive information or influence over decision-making.
According to the NCSC, attackers are using a range of techniques to gain access to accounts. These include tricking users into sharing login or verification codes, adding unauthorised devices, infiltrating group chats, impersonating trusted contacts and using phishing links or QR codes.
The agency noted that such targeting has previously been linked to state-affiliated actors, including groups associated with Russia, China and Iran. It added that recent activity specifically involves Russia-aligned threat actors focusing on messaging platforms as a point of access.
High-risk individuals are defined as those whose roles or public profile make them more likely targets, particularly if they have access to sensitive information or networks of interest to hostile actors.
The NCSC has set out a series of mitigation steps. These include enabling two-step verification or passkeys, avoiding the sharing of verification codes, regularly checking for linked devices, and being cautious of unknown contacts or duplicate accounts impersonating trusted individuals. It also advises limiting the use of personal messaging apps for work-related communications, instead using corporate systems where available. Users are encouraged to enable features such as disappearing messages to reduce the amount of data exposed in the event of a compromise, where this aligns with organisational policies.
