A foreign state actor has hacked a parliamentarian and three staff members’ WhatsApp accounts, leading to the platform being temporarily blocked.
A Department of Parliamentary Services official told a Senate hearing today there was a “targeted phishing activity” on March 6.
They received reports from a parliamentarian and three staffers that their accounts had been compromised.
“These accounts were on both personal and DPS devices,” the official said.
“All the accounts were compromised in the same manner.”
The department found a threat actor had requested a verification code to be sent to the victim, received that code and then used that to log in to the account.
It found evidence that suggested a foreign state actor was behind the phishing campaign.
”The objective was to take over the accounts, which is what did occur,” the official said.
The official did not state what country was behind the attack.
“There’s lots of public reporting of state-sponsored WhatsApp phishing campaigns targeting government officials,” the official said, adding the same had happened in the US, Germany and the Netherlands.
The Guardian has previously reported Russia was behind increasing phishing attacks against UK parliamentarians on platforms like WhatsApp and Signal.
The department issued a temporary block on WhatsApp web services on March 9, which has since been lifted.
According to the official, WhatsApp still has a place for use but urged parliamentarians and staffers to make accounts as secure as possible and avoid sharing confidential information through the platform.
The Senate hearing heard there have been more than 20,000 phishing attempts, 46 detections of malware and 1458 cyber alerts in this latest financial year to March 31.
“I think there are times where we have much higher attempts and times when, obviously, attention is diverted elsewhere,” another official said.
Nine.com.au has contacted the Department of Parliamentary Services for further comment.
Click Here For The Original Source.
