Google’s Threat Intelligence Group issued a warning on Wednesday regarding Russian military intelligence targeting Signal accounts used by Ukraine’s military. The group stated that they have noticed a significant increase in attempts by Russia state-aligned threat actors to compromise Signal Messenger accounts belonging to individuals of interest to Russian intelligence services.
According to GTIG, the GRU is utilizing devices captured in Ukraine to connect Signal accounts on these devices to hacker-controlled infrastructure. While Ukraine’s military is currently the primary target of the Russian Signal hacking efforts, GTIG anticipates that these tactics and methods will expand to other threat actors and regions beyond the Ukrainian conflict zone in the near future.
In a recent statement, Google revealed that a suspected Russian espionage group known as UNC5792 has been manipulating legitimate group invite Signal pages to redirect users to malicious URLs. The hacking techniques employed by the GRU to compromise Signal accounts could also be used to target WhatsApp and Telegram accounts, according to Google.
The Russian hackers are taking advantage of a legitimate Signal feature that allows for simultaneous usage on multiple devices by using malicious QR codes to link a victim’s account to a hacker-controlled one. Once successfully hacked, the malicious actor can eavesdrop on the victim’s secure conversations without needing to compromise the entire device, enabling real-time interception of communications.
Google highlighted that the Russian hackers are conducting tailored remote phishing operations paired with the deployment of malicious QR codes embedded in phishing pages designed to mimic special apps utilized by Ukraine’s military. Despite these efforts, Signal’s end-to-end encryption remains uncompromised, providing a level of security for user communications.
Signal’s senior technologist, Josh Lund, informed Politico EU that Signal has implemented measures to raise awareness and protect users from the social engineering attacks described in the report. These measures include a revamped user interface with additional authentication steps and notifications for newly linked devices.
In response to the escalating cyber threats, it is essential for users to remain vigilant and take necessary precautions to safeguard their communications. As the tactics employed by Russian hackers continue to evolve, it is crucial for individuals and organizations to stay informed and adapt their security practices accordingly to mitigate potential risks associated with malicious cyber activities.