Summary: Russian state-backed hackers are increasingly targeting Signal messenger accounts, especially those used by Ukrainian military personnel and officials, in an effort to gather sensitive information. Google’s security team reported that the use of phishing techniques, including exploiting Signal’s “linked devices” feature, has made these accounts particularly vulnerable. Researchers predict a rise in similar cyberattacks leveraging secure messaging applications amid ongoing geopolitical tensions.
Affected: Signal messenger accounts of Ukrainian military personnel and government officials
Keypoints :
- Phishing messages are used to infect devices with malware and gain access to Signal accounts.
- Malicious QR codes mimic legitimate group invites, allowing hackers to link their device to the victim’s account.
- Russian threat actors are stealing Signal database files, with notable groups like Sandworm and Turla involved in these activities.
- Google expects attacks on Signal to increase both in frequency and in the range of actors involved.
- Signal is enhancing security features in response to the ongoing threat and assisting in investigating these attacks.
Source: https://therecord.media/russian-state-hackers-spy-on-ukraine-military-signal