WhatsApp Accounts of Australian Parliament Members Targeted in Phishing Attack

A targeted phishing campaign compromised the WhatsApp accounts of a parliamentarian and three staff members, with evidence pointing to a foreign state actor.

The Department of Parliamentary Services revealed the breach during a Senate hearing, reporting that the incident occurred on March 6. Affected accounts were accessed on both personal and departmental devices.

How the Attack Worked

All four accounts were compromised through the same method: a threat actor requested a verification code sent to the victim, received it, and used it to log in.

The Department official did not identify the country believed to be responsible, noting that state-sponsored WhatsApp phishing campaigns targeting government officials have been publicly reported in the United States, Germany, and the Netherlands.

Response and Ongoing Risks

In response to the breach, the Department temporarily blocked WhatsApp web services on March 9, though the block has since been lifted.

Officials stated that WhatsApp remains permissible for use but urged parliamentarians and staff to:

• Secure their accounts
• Avoid sharing confidential information via the platform

Broader Cyber Threat Landscape

The Senate hearing also revealed the scale of cyber activity targeting parliamentary systems:

• More than 20,000 phishing attempts
• 46 malware detections
• 1,458 cyber alerts in the financial year to March 31

"The volume of attempts varies over time," another official noted, underscoring the persistent and evolving nature of the threat.