FlagThis

Russian state-aligned hackers are exploiting the "Linked Devices" feature in Signal Messenger to conduct cyber-espionage campaigns. Google's Threat Intelligence Group (GTIG) has uncovered these campaigns, revealing that the hackers are using phishing tactics to gain unauthorized access to Signal accounts. These campaigns involve tricking users into linking their devices to systems controlled by the attackers.

Russian threat actors are launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest. The hackers employ sophisticated methods to trick targets into linking their Signal account to a device controlled by the attacker, compromising their secure communications.

ImgSrc: securityaffairs

References :

• cyberinsider.com: Russian Hackers Exploit Signal’s Linked Devices to Spy on Users
• BleepingComputer: Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest.
• www.bleepingcomputer.com: Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest.
• CyberInsider: Google's Threat Intelligence Group (GTIG) has uncovered a series of cyber-espionage campaigns by Russian state-aligned hackers targeting Signal Messenger accounts.
• securebulletin.com: Russia-Aligned actors intensify targeting of Signal Messenger
• securityaffairs.com: Russia-linked threat actors exploit Signal messenger
• Talkback Resources: Russian Groups Target Signal Messenger in Spy Campaign [app] [social]
• cloud.google.com: Russian Threat Actors targeting Signal messenger accounts used by individuals of interest to Russia's intelligence services. The goal seems to be espionage or military reconnaissance in context of war in Ukraine.
• bsky.app: Russian Threat Actors targeting Signal messenger accounts used by individuals of interest to Russia's intelligence services. The goal seems to be espionage or military reconnaissance in context of war in Ukraine. https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger
• cyble.com: Russia-Linked Actors Exploiting Signal Messenger’s “Linked Devicesâ€� Feature for Espionage in Ukraine
• Talkback Resources: State-aligned threat actors, particularly from Russia, are targeting Signal Messenger accounts through phishing campaigns to access sensitive government and military communications, exploiting the app's "linked devices" feature for eavesdropping on secure conversations.
• cyberscoop.com: Russian-aligned threat groups dupe Ukrainian targets via Signal
• Talkback Resources: Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger [social]
• Threats | CyberScoop: Russia-aligned threat groups dupe Ukrainian targets via Signal
• www.onfocus.com: Google Threats on Signals of Trouble
• cyberriskleaders.com: Russian Hackers Targeting Ukrainian Signal Users with Malicious QR Codes
• arstechnica.com: Russia-aligned hackers are targeting Signal users with device-linking QR codes Swapping QR codes in group invites and artillery targeting are latest ploys.
• MeatMutts: Google Warns of Russian Hacking Campaign Targeting Ukraine’s Military on Signal
• Talkback Resources: Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
• thecyberexpress.com: Russian state-sponsored hackers are ramping up efforts to compromise Signal messenger accounts, particularly those used by Ukrainian military personnel, government officials, and other key figures.

Classification:

• HashTags: #SignalMessenger #CyberEspionage #RussianHackers
• Company: Google
• Target: Signal Users
• Attacker: Russian APT
• Product: Signal
• Feature: Linked Devices
• Malware: Linked Signal Devices
• Type: Espionage
• Severity: Major