Russian state-sponsored hackers are conducting a targeted Signal and WhatsApp phishing campaign against government officials, military personnel, and journalists to gain access to sensitive messages. The attackers use fake support messages, SMS verification/PIN requests, and malicious QR/device-linking methods to take over or silently link accounts, and Dutch agencies alongside Signal warn users to verify links and check linked devices. #Signal #WhatsApp
Keypoints
- Russian state-sponsored actors are targeting officials, military personnel, and journalists via Signal and WhatsApp phishing campaigns.
- Phishing messages impersonate Signal support and request SMS verification codes and Signal PINs to facilitate account takeovers.
- After takeover, attackers can register the account on their device, change the linked phone number, and access contacts and incoming messages.
- Attackers also abuse device-linking via malicious QR codes or links to connect their device without fully locking victims out.
- Dutch agencies advise not sharing sensitive information over messaging apps, verifying invitations through trusted channels, and removing unknown linked devices.