DIGITAL LIFE
Russia launches attack on Signal app
Google warned on Wednesday (19/02) that Russia is attacking Ukrainian soldiers' accounts on Signal, an app for exchanging text messages, voice and video calls, similar to WhatsApp.
"The Google Threat Intelligence Group (GTIG) has observed increasing efforts by multiple threat actors aligned with the Russian state to compromise Signal accounts used by individuals of interest to Russian intelligence services," Google began by warning in a statement published on the company's official website.
The technology company admits that this "operational interest" was triggered by "war demands" to gain access to "sensitive government and military communications in the context of the Russian invasion", and predicts that the "tactics and methods" to attack accounts on the app will increase in the "short term" and extend to "regions outside the Ukrainian theater of war".
"Signal's popularity among common targets of surveillance and espionage activities – such as military personnel, politicians, journalists, activists and other at-risk communities – has positioned the messaging app as a high-value target for adversaries seeking to intercept sensitive information," the company's statement reads. Google also thanks the Signal team for their "close partnership" in investigating these attacks and advises users of the app to update it to strengthen security.
"The latest versions of Signal for Android and iOS contain enhanced features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features," the statement adds. "This emerging operational interest was likely triggered by the war to gain access to sensitive government and military communications," Google said in a statement.
The company noted that "the tactics and methods used to target Signal will grow in prevalence in the near term and proliferate to other threat actors and regions." Signal's popularity among military personnel, politicians, journalists and other at-risk communities has positioned the app as a valuable target for adversaries seeking to intercept sensitive information, Google said.
The technology company also noted that the threat extends to other apps such as WhatsApp and Telegram, which have also been actively used by Russia in similar situations. Google also said that the latest versions of Signal on Android and iOS contain enhanced features designed to help protect against similar phishing campaigns. Signal Messenger is a text messaging, voice and video calling app, similar to WhatsApp.
Russian cybercriminal groups are using the Signal app’s device linking feature to access third-party messages in a new phishing campaign discovered by the Google Threat Intelligence Group (GTIG).
To monitor conversations in real time, attackers use modified QR codes embedded in fake group invitations or device pairing instructions on the messaging app’s website. These are shared with targets as if they were legitimate.
By scanning the malicious QR code, the victim unknowingly links their account to the cybercriminal’s device, as if they were using the messaging service on a second phone or computer, allowing the cybercriminal to access conversations. The campaign is also using the same feature on WhatsApp and Telegram.
There are at least three Russian groups exploiting Signal’s device linking to monitor messages, according to Google security researchers, including Sandworm, also known as APT44. Others involved include UNC5792 and UNC4221.
By monitoring the messages of people involved in the conflict, Russian troops could gain an advantage on the battlefield, gaining access to plans, strategies, and other important information from Ukrainian forces.
The researchers reported that Signal recently released security updates on Android and iOS, strengthening protection against phishing techniques that can be used to link the account on unknown devices. Therefore, it is important to always keep the app updated.
In addition, they recommend checking the list of devices linked to your account frequently. Other tips include using a long and complex password for your phone's screen lock, activating two-factor authentication, and being careful when interacting with QR Codes sent by unknown people.
mundophone
No comments:
Post a Comment