Russian campaign targeting Romanian WhatsApp numbers
Essential information
- Published
- 28/02/2025 14:30
- Modified
- 03/03/2025 15:59
- Tags
- 2025-02-28 account takeover phishing romania russia social engineering whatsapp
- Related entities
- 6 techniques (mitre), 1 others
Description
A campaign originating from Russia has been identified, targeting Romanian WhatsApp users. The operation involves sending messages to victims, encouraging them to vote in a fake contest. When users click on the provided link, they are prompted to enter their WhatsApp number and an 8-character code, which grants the attackers access to the victim's account. The campaign uses multiple domains with Romanian-themed names, and evidence suggests previous targeting of English and Turkish-speaking users. The attackers exploit compromised accounts to spread the malicious messages further, potentially leading to account loss due to spamming. Users are advised against entering codes from suspicious websites to protect their WhatsApp accounts.