Cyber Incident Victim: Saifuddin Nasution bin Ismail

On May 1, 2025, Malaysian home minister Datuk Seri Saifuddin Nasution Ismail’s WhatsApp account was compromised. Authorities stated that the attacker used a virtual private network to gain access to the account. Once accessed, the account was used to send malicious links to the minister’s contacts. The Ministry of Home Affairs confirmed the breach and issued a public advisory urging recipients not to respond to any messages or calls purporting to be from the minister, especially those involving financial or personal requests. The ministry also noted that the incident was under active investigation.

Police indicated that they were working to determine the hacker’s location but had not yet identified the perpetrator. As of the press conference, no victims had reported financial losses resulting from the scam messages. The incident follows similar attacks on other high-ranking officials, including the hijacking of parliamentary speaker Johari Abdul’s WhatsApp account in March 2025, which led some contacts to send money. Earlier cases involved threat actors accessing former Prime Minister Ismail Sabri’s Telegram and Signal accounts in 2022 and the Royal Malaysia Police’s social media accounts in 2015. Following the breach, Nasution Ismail faced online criticism and ridicule, with local media reporting that citizens questioned the adequacy of Malaysia’s cybersecurity protections given that the nation’s top security official had been successfully targeted.