Russian state-sponsored hackers are actively exploiting the “linked devices” feature in Signal Messenger to conduct cyber-espionage campaigns. Groups like APT44 (Sandworm), UNC5792, UNC4221, and Turla target military personnel, politicians, and activists to compromise their secure communications. These actors abuse Signal’s feature to gain persistent access to accounts, using phishing tactics to trick users into linking their devices to attacker-controlled systems. Mandiant warns of the real-time spying risks associated with this activity, which primarily targets Ukrainian entities amidst Russia’s ongoing invasion.
Hewlett Packard Enterprise (HPE) experienced a data breach in May 2023, attributed to the Russian state-sponsored hacking group Midnight Blizzard (also known as Cozy Bear or APT29). The breach involved their Office 365 email environment and was confirmed in December 2023. The breach compromised employee data and was contained after its discovery.
The European Union has sanctioned three Russian nationals, identified as Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov, for their involvement in cyber attacks targeting Estonia’s key ministries in 2020. These individuals are members of the GRU Unit 29155, a Russian military intelligence unit known for its cyber operations. These sanctions highlight the ongoing geopolitical tensions and the attribution of state-sponsored cyber activities. The EU’s action underscores the international effort to hold nation-state actors accountable for their malicious cyber activities, aiming to deter future attacks and ensure the security of digital infrastructure.