UK Parliamentarians Targeted by Surge in Russian-Linked Phishing Attacks
A growing wave of phishing attacks, specifically targeting the WhatsApp and Signal accounts of UK Members of Parliament (MPs), peers, and officials, has prompted a cybersecurity alert from parliamentary authorities. The attacks, attributed to Russia-based actors, represent a significant escalation in attempts to compromise sensitive communications and potentially gain access to confidential information.
Parliamentary officials are urging increased vigilance after a continued rise in sophisticated attacks. These attacks commonly involve deceptive messages that impersonate app support teams and ask users to divulge access codes, click on malicious links, or scan compromised QR codes. According to a memo circulated on Thursday and reviewed by The Guardian, successful breaches could allow attackers to read messages, download contact lists, and monitor parliamentary activity undetected.
The National Cyber Security Centre (NCSC), the UK’s leading authority on cybersecurity, based at GCHQ, issued new protective measures in October. However, authorities report that “such cases have continued to rise,” indicating the evolving sophistication and persistence of the threat.
“The NCSC are aware of Russian-based activity targeting commercial messaging platforms used by UK politicians and officials, including Signal and WhatsApp,” parliamentary authorities stated. In response, legislators and officials are being strongly encouraged to discontinue the use of commercial messaging platforms for parliamentary work, opting instead for the more secure Microsoft Teams for informal communications.
A government spokesperson emphasized that spear-phishing – a highly targeted form of phishing – remains a prevalent and effective tactic employed by malicious actors. “The National Cyber Security Centre is working with partners in government and UK parliament in response to recent targeting against commercial messaging apps including Signal and WhatsApp,” the spokesperson said. “We strongly encourage individuals at high risk of being targeted to follow the NCSC’s guidance and to sign up for our cyber-defence services to help bolster their protection.”
This isn’t an isolated incident. Last year, police initiated an investigation into a spear-phishing attack targeting several MPs via WhatsApp, perpetrated by a user identifying as “Abigail” or “Abi.” Furthermore, in 2023, the government identified “Star Blizzard,” a group operated by Russian intelligence officers, as having targeted parliamentarians – including through spear-phishing – since at least 2015.
The latest warning underscores the ease with which these attacks can be executed, noting that “these attacks are easy to carry out if the attacker has your phone number.” Parliamentary authorities are urging immediate action to enhance account security and mitigate risk. Recommended steps include enabling two-factor authentication on messaging accounts, checking the list of linked devices for any unrecognized entries, and promptly removing any suspicious connections.
Legislators and parliamentary staff are also encouraged to register their phone numbers and email addresses with the NCSC to receive alerts should their accounts be compromised. The increasing frequency and sophistication of these attacks highlight the critical need for proactive cybersecurity measures to safeguard the integrity of parliamentary communications and protect against foreign interference.
