A second senior Australian government minister has revealed his mobile phone was hacked through the Telegram messaging app, with a media report saying the phishing scam was aimed at revealing contact details of pro-democracy activists in Hong Kong.
Health Minister Greg Hunt’s office said in an emailed statement on Thursday that “a cyber security attempt to impersonate the minister has been referred to the Australian Federal Police and investigations are underway.” That follows Monday’s statement by Finance Minister Simon Birmingham that he had been targeted.
The Australian newspaper reported late Wednesday that the details of pro-democracy Hong Kongers were provided to someone impersonating Birmingham, with one of the recipients being asked: “Do you have any contacts in Hong Kong?”
The person handed over details of Hong Kongers without realizing they were speaking to a cyber-hacker, the paper said, citing the person who it didn’t identify.
Birmingham told a parliamentary hearing on Tuesday that the hacker had gained access to contacts in his government phone who had the Telegram app. He said there was also another request from the person pretending to be the minister asking for money to be transferred to a bank account outside Australia.
“The AFP are seeking to, through their data security processes, attempting to ascertain how any data was secured and are working to try to get Telegram to shut down the false account,” Birmingham said, according to a transcript sent from his office.
The phishing campaign, which was first reported to authorities on March 18, originated with WhatsApp, the Australian Federal Police warned in an advisory circulating with government employees on Thursday.
The warning said the scam “presents as a request from a trusted colleague. Victims have been targeted through WhatsApp and asked to download Telegram for ‘further communication.’”
The WhatsApp message also asked the recipient to forward the two-factor authentication codes to the sender when they install Telegram, which is a breach that should have raised flags with recipients. Two-factor authentication is an additional security buffer users enable for their devices and online accounts to prevent unauthorized access. In most cases the codes would come straight to a person’s phone, signaling an intrusion on an account if they are unaware of the activity.
The Australian Signals Directorate has declined to comment on the scam. Telegram hasn’t replied to a message requesting comment sent on Sunday via its website or one sent through its app on Thursday.
Prime Minister Scott Morrison’s office said on Monday it doesn’t comment on police matters, while requests seeking comment from other senior ministers on whether they were targeted haven’t been responded to.