FBI warns of Russian, Iranian cyber activity involving messaging platforms

The FBI warned that Russian and Iranian cyber campaigns are exploiting messaging platforms to compromise accounts and deploy malware, with Russian actors using phishing to hijack Signal accounts and Iranian actors using Telegram-linked malware attributed to Handala Hack. These campaigns have resulted in thousands of unauthorized accesses, allowed remote data exfiltration and surveillance, and highlight the need for heightened vigilance and stronger protections for high-risk users. #Signal #HandalaHack

Key points

  • The FBI and CISA warn Russian actors are phishing Signal users to add linked devices or fully take over accounts.
  • The campaign has compromised thousands of accounts, targeting U.S. officials, military personnel, politicians, and journalists.
  • Iran’s MOIS and the group Handala Hack used Telegram as command-and-control for malware disguised as legitimate apps like Pictory or KeePass.
  • The malware enabled screen and audio capture, file exfiltration, and remote control, often after tailored reconnaissance of victims.
  • Agencies urge caution with unverified messages and recommend stronger personal and enterprise controls around sanctioned messaging apps.

Read More: https://therecord.media/russia-iran-cyber-fbi-hacks