At least twelve men working in the UK parliament have recently been targeted by WhatsApp spear phishing messages, POLITICO reports. The targeted individuals include “a senior Labour MP, four party staffers, and a political journalist.”
The messages are sexual in nature, and may be intended to obtain compromising photos of the targets in order to blackmail them.
“Many of the messages contain striking similarities, including personalized references to the victims’ appearances at U.K. political events and drinking spots,” POLITICO says. “In several cases explicit photos were also sent — and in at least one case, the victim reciprocated. A dossier of evidence compiled by POLITICO has been reviewed by four cybersecurity experts who agreed people in key positions in parliament are being targeted with ill intent.”
Notably, the messages are highly personalized and tailored to each target, referencing specific aspects of their lives.
“Strikingly, the sender or senders of the messages often displays extensive knowledge of their target and their movements within the narrow world of Westminster politics,” POLITICO says.
“Two people were sent references to their work on the Mid Bedfordshire by-election of October 2023. One received a message discussing their work on ‘the Nandy campaign’ (Labour MP Lisa Nandy stood for the party leadership in 2020.)
The other was sent a WhatsApp message referring to the breakdown of a recent relationship. A third person was told they had previously met the message-sender in the ‘Sports’ — a nickname for Parliament’s Woolsack bar, formerly the Sports and Social Club. A fourth was told they met the sender at the annual Labour Party conference in Manchester. A fifth was asked if they still worked for their current boss.”
Ciaran Martin, former head of the UK’s National Cyber Security Centre, told POLITICO, “Malicious actors, including nation states, have a history of using digital messaging to try to cultivate relationships with people they think have political influence. Some of this activity is high quality and convincing. Some of it can be spotted a mile away. The key message is that anyone working in Westminster can expect stuff like this...trust your own instincts, don’t respond, and report it if you’re concerned.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
POLITICO has the story.
