NCSC Warns of Messaging App Targeting Public Sector

State‑sponsored cyber groups have increasingly turned to everyday communication tools to infiltrate government networks. Recent NCSC alerts highlight Russian actors exploiting the ubiquity of WhatsApp, Messenger and Signal, following earlier campaigns by China’s APT31, Russia’s Star Blizzard, and Iran’s IRGC. These platforms offer a low‑cost, high‑reward vector: compromised accounts can grant attackers direct lines to officials, enabling credential harvesting, covert device addition, and real‑time social engineering. The shift reflects a broader trend where adversaries move beyond traditional email phishing to more personal, trusted channels, raising the stakes for public‑sector cyber defence.

For public‑sector employees, the risk profile hinges on the sensitivity of the information they handle. Individuals with access to classified data, policy decisions, or critical infrastructure become prime targets for actors seeking strategic advantage. Tactics such as stealing verification codes, inserting unauthorized devices, and masquerading as trusted contacts can bypass conventional security layers. The NCSC’s warning underscores that even seemingly benign messaging apps can become conduits for espionage, data exfiltration, and operational disruption if not properly secured.

In response, the NCSC recommends a multi‑layered approach: migrate to government‑approved messaging solutions, enable two‑step verification or passkeys, and routinely audit linked devices and group memberships. Regular training on recognizing malicious QR codes and verification code requests further fortifies user awareness. By institutionalising these practices, agencies not only protect individual accounts but also reinforce the broader cyber resilience of the public sector, curbing the foothold that foreign actors seek to establish within critical communication channels.