WhatsApp Breach Targets Australian Parliament in Suspected State-Backed Cyberattack
A targeted cyberattack compromised the WhatsApp accounts of an Australian federal MP and three staffers earlier this year, prompting a temporary block on the platform’s web version within Parliament. The breach, disclosed during a Senate Estimates hearing on 20 May, occurred on 6 March when attackers used a phishing campaign to hijack personal accounts logged into both personal and Department of Parliamentary Services (DPS)-managed devices.
The attackers tricked victims into sharing WhatsApp verification codes, allowing them to take control of the accounts and impersonate the users. By 9 March, DPS imposed a week-long block on WhatsApp Web across its IT network to prevent further unauthorized access, as officials could not immediately assess the scope of the compromise. The restriction was lifted on 16 March after mitigation efforts.
Evidence suggests a foreign state actor was behind the attack, aligning with global trends of state-sponsored phishing campaigns targeting government officials. Similar incidents have been reported in the UK, US, Germany, and the Netherlands, with warnings issued about Russian-linked hackers exploiting messaging apps like WhatsApp and Signal. The FBI previously noted that such attacks had compromised thousands of accounts belonging to politicians, military personnel, and journalists.
DPS collaborated with the Australian Signals Directorate (ASD) to investigate the breach, emphasizing the need for heightened cybersecurity measures among parliamentarians. While WhatsApp remains widely used, officials advised securing accounts and exercising caution with sensitive communications on the platform. The incident underscores the persistent threat of state-backed cyber espionage against high-value targets in government.
Source: https://ia.acs.org.au/article/2026/federal-mp-s-whatsapp-account-hacked-by-state-actor.html
Australian Signals Directorate cybersecurity rating report: https://www.rankiteo.com/company/australian-signals-directorate
"id": "AUS1779719409",
"linkid": "australian-signals-directorate",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '1 federal MP, 3 staffers',
'industry': 'Public Sector',
'location': 'Australia',
'name': 'Australian Parliament (Department of '
'Parliamentary Services)',
'size': 'Large (government entity)',
'type': 'Government'}],
'attack_vector': 'Phishing (verification code theft)',
'data_breach': {'personally_identifiable_information': 'Potential (account '
'details, '
'communications)',
'sensitivity_of_data': 'High (government communications)',
'type_of_data_compromised': 'Account credentials, potential '
'sensitive communications'},
'date_detected': '2024-03-06',
'date_publicly_disclosed': '2024-05-20',
'date_resolved': '2024-03-16',
'description': 'A targeted cyberattack compromised the WhatsApp accounts of '
'an Australian federal MP and three staffers earlier this '
'year, prompting a temporary block on the platform’s web '
'version within Parliament. The breach occurred when attackers '
'used a phishing campaign to hijack personal accounts logged '
'into both personal and Department of Parliamentary Services '
'(DPS)-managed devices. The attackers tricked victims into '
'sharing WhatsApp verification codes, allowing them to take '
'control of the accounts and impersonate the users.',
'impact': {'brand_reputation_impact': 'Moderate (government trust and '
'security concerns)',
'data_compromised': 'WhatsApp account access, potential sensitive '
'communications',
'downtime': '1 week (WhatsApp Web blocked)',
'identity_theft_risk': 'High (account impersonation)',
'operational_impact': 'Temporary restriction on WhatsApp Web usage '
'in Parliament',
'systems_affected': 'WhatsApp Web (DPS-managed devices), personal '
'devices'},
'initial_access_broker': {'entry_point': 'Phishing (verification code theft)',
'high_value_targets': 'Government officials (MPs, '
'staffers)'},
'investigation_status': 'Completed (with ASD collaboration)',
'lessons_learned': 'Need for heightened cybersecurity measures among '
'parliamentarians, caution with sensitive communications '
'on messaging platforms',
'motivation': 'Cyber espionage, Impersonation',
'post_incident_analysis': {'corrective_actions': 'Temporary WhatsApp Web '
'block, security advisories, '
'ASD collaboration',
'root_causes': 'Social engineering (verification '
'code sharing), lack of '
'multi-factor authentication'},
'recommendations': 'Secure WhatsApp accounts with multi-factor '
'authentication, avoid sharing verification codes, '
'exercise caution with sensitive communications',
'references': [{'date_accessed': '2024-05-20',
'source': 'Senate Estimates hearing'}],
'response': {'communication_strategy': 'Disclosed during Senate Estimates '
'hearing, advisories to '
'parliamentarians',
'containment_measures': 'Blocked WhatsApp Web access across DPS '
'IT network',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Lifted WhatsApp Web block after mitigation',
'remediation_measures': 'Account recovery, heightened security '
'advisories',
'third_party_assistance': 'Australian Signals Directorate (ASD)'},
'stakeholder_advisories': 'Advisories to parliamentarians on securing '
'accounts and cautious communication',
'threat_actor': 'Foreign state actor (suspected state-backed)',
'title': 'WhatsApp Breach Targets Australian Parliament in Suspected '
'State-Backed Cyberattack',
'type': 'Phishing, Account Takeover',
'vulnerability_exploited': 'Social engineering (verification code sharing)'}