Germany’s BfV and BSI warned of a likely state‑sponsored campaign using Signal phishing to trick high‑value targets in politics, the military, diplomacy, and investigative journalism into surrendering verification codes or scanning malicious QR codes. Attackers impersonate Signal Support or a chatbot to register or link devices, enabling message interception and contact‑list compromise; similar tactics have been tied to clusters such as Star Blizzard and could be extended to WhatsApp. #Signal #StarBlizzard
Keypoints
- Threat actors impersonate “Signal Support” or a “Signal Security ChatBot” to solicit PINs or SMS verification codes.
- Providing a PIN lets attackers register the victim’s account on their device to intercept incoming messages and send messages as the victim.
- QR code device linking can grant attackers access to the last 45 days of messages while victims may remain unaware and retain account access.
- The campaign targets high‑ranking political, military, diplomatic figures and investigative journalists and can expose entire networks via group chats.
- Mitigations include enabling Registration Lock, not sharing PINs or codes, and regularly reviewing and removing unknown linked devices; similar risks apply to WhatsApp and exposed VPN devices like FortiGate.
Read More: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html