What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-02-20 13:21:16 | (Déjà vu) Russia-Linked Actors Exploiting Signal Messenger\\'s “Linked Devices” Feature for Espionage in Ukraine (lien direct) | 
Overview
Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia\'s intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists.
The tactics observed in this campaign include phishing attacks abusing Signal\'s linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques.
Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app.
Tactics Used to Compromise Signal Accounts
Exploiting Signal\'s "Linked Devices" Feature
Russia-aligned threat actors have manipulated Signal\'s legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim\'s account, enabling real-time message interception without full device compromise.
The phishing methods used to deliver these malicious QR codes include:
Fake Signal group invites containing altered JavaScript redirects.
Phishing pages masquerading as Ukrainian military applications.
|
Malware Tool Vulnerability Threat Mobile Cloud Conference | APT 44 | ★★ |
 |
2025-02-19 14:00:00 | Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger (lien direct) | Written by: Dan Black
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia\'s intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia\'s re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war. Signal\'s popularity among common targets of surveillance and espionage activity-such as military personnel, politicians, journalists, activists, and other at-risk communities-has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats. We are grateful to the team at Signal for their close partnership in investigating this activity. The latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features. Phishing Campaigns Abusing Signal\'s "Linked Devices" Feature The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app\'s legitimate "linked devices" feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim\'s account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim\'s secure conversations without the need for full-device compromise. |
Malware Threat Mobile Cloud Commercial | APT 44 | ★★ |
1
We have: 2 articles.
We have: 2 articles.
To see everything:
Our RSS (filtrered)
