France Post Targeted, Romanian Waters Attacked, WhatsApp GhostPairing Threat

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

France Post Targeted, Romanian Waters Attacked, WhatsApp GhostPairing Threat

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-36066">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/12/France-Post-Targeted-Romanian-Waters-Attacked-WhatsApp-GhostPairing-Threat.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M6S">2:06</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-36066" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-36066" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-36066" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-36066" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/france-post-targeted-romanian-waters-attacked-whatsapp-ghostpairing-threat/&t=France Post Targeted, Romanian Waters Attacked, WhatsApp GhostPairing Threat" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/france-post-targeted-romanian-waters-attacked-whatsapp-ghostpairing-threat/&url=France Post Targeted, Romanian Waters Attacked, WhatsApp GhostPairing Threat" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/12/France-Post-Targeted-Romanian-Waters-Attacked-WhatsApp-GhostPairing-Threat.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/france-post-targeted-romanian-waters-attacked-whatsapp-ghostpairing-threat/" class="input-link input-link-36066" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-36066" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-36066” readonly/>

					<button class="copy-embed copy-embed-36066" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

This is the fourth edition of the month, and we have curated the **top three cyber incidents that you must know about. We will begin the bulletin with the alleged threat attack on a French post office. Next, we will discuss the recent cyberattack on Romanian waters and try to understand the extent of damage it has caused. Lastly, we will discuss the meaning of GhostPairing and try to understand how it may affect WhatsApp users.

The national post office in France was allegedly targeted by threat actors!

The daily operations of France’s national post office have been disrupted by an alleged cyberattack. The mishap has affected both the website and the associated apps of the post office. Deliveries are being delayed. **Online transfers are taking forever. All these are adding to the chaos and confusion of the holiday season.

The attack, most probably a DDoS (Distributed Denial of Service), took place on Monday, just three days prior to Christmas. LaPoste claims that no customer data has been breached. But the attack has definitely messed up parcel delivery and distribution systems.

Customers who need to send last-minute parcels or are waiting to collect them are being sent away by the post office. La Banque Postal, the banking service, is not functioning properly, and customers are facing issues in getting “access to online banking and to the mobile app.” Online payments are also functional, but have to be authenticated through text messages. The BPCE group has reportedly also undergone an IT malfunction on the same day.

Just a week before, the **French interior ministry also fell prey to a cyber mishap.

Romanian Waters targeted by cybercriminals, no critical water operations affected!

Last weekend, the Romanian Waters were targeted by a cyberattack. The National Cyber Security Directorate (DNSC) has stated that as many as **1000 computer systems have been affected. Because of the cyberattack, IT assets, including databases, email, web services, and GIS services, have been impacted. Although authorities claim that the water operations have been operating normally without any disruptions.

The DNSC was informed about the cyber incident on December 20, 2025. It was a ransomware attack that targeted **multiple servers and workstations of the National Romanian Waters Administration.

A thorough investigation is underway, and it involves the SRI’s National Cyberint Center, DNSC, and Romanian Waters. Government experts have stated that cybercrooks have used Windows BitLocker to encrypt all systems. DMARC, DKIM, and SPF help authenticate emails, prevent spoofing and phishing, and strengthen defenses against email-based cyberattacks.

WhatsApp users can be targeted through a GhostPairing attack!

A new cyber threat, GhostPairing, is doing the rounds. The Indian Computer Emergency Response Team (CERT-In) has warned WhatsApp users about this new threat. GhostPairing gives complete access to threat actors over a WhatsApp user’s account. The worst part about this hacking technique is that it does not require the cybercrooks to crack passwords or swap any SIMs.

Indian government agencies have urged WhatsApp users to adhere to certain **safety protocols to make sure that their accounts don’t get compromised by threat actors.

The GhostPairing attack is one of the finest forms of social engineering tactics. It abuses the multi-device login feature of the messaging app to get access to the target’s account without being detected.

A victim receives a message on WhatsApp from a family member or friend whose account has already been compromised. The message would casually ask the victim to download a photo or video . There will be a URL on which the victim will have to click to view the image/video.

The malicious link then directs the victim to a fake website where they will be asked to “verify identity via WhatsApp.” When the victim enters their phone number, the cybercrook enters the same number to the “Link with phone number” section. At this moment, a prompt pops up on the malicious website saying “Enter the code shown on your screen to verify.” The moment the victim enters the pairing code, the attacker gets legit access to your WhatsApp account.

From now on, the attacker will be able to read all your messages, view media, and listen to your voice notes. They can also text your acquaintances on your behalf to request urgent financial assistance.