FlagThis

Russian state-sponsored hackers are actively exploiting the “linked devices� feature in Signal Messenger to conduct cyber-espionage campaigns. Groups like APT44 (Sandworm), UNC5792, UNC4221, and Turla target military personnel, politicians, and activists to compromise their secure communications. These actors abuse Signal’s feature to gain persistent access to accounts, using phishing tactics to trick users into linking their devices to attacker-controlled systems. Mandiant warns of the real-time spying risks associated with this activity, which primarily targets Ukrainian entities amidst Russia’s ongoing invasion.