February 19th, 2025

Russian phishing campaigns exploit Signal's device-linking feature

Russian threat actors are exploiting Signal's "Linked Devices" feature through phishing campaigns that use malicious QR codes, gaining unauthorized access to accounts and the ability to monitor conversations. Users are advised to enhance security measures.

Russian threat actors have been conducting phishing campaigns that exploit the "Linked Devices" feature of the Signal messaging app to gain unauthorized access to user accounts. According to a report from Google Threat Intelligence Group (GTIG), these campaigns involve creating malicious QR codes that trick victims into linking their Signal accounts to devices controlled by the attackers. This method allows the attackers to monitor secure conversations without needing to fully compromise the target's device. The phishing operations have been tailored to specific targets, with attackers disguising malicious links as legitimate app resources or device pairing instructions. Notably, the Russian hacker group Sandworm has used this technique to access Signal accounts from devices captured in military operations. Additionally, a custom phishing kit has been developed to target Ukrainian military personnel by impersonating software used for military operations. GTIG warns that this type of compromise is difficult to detect, as there are no technical solutions to monitor newly linked devices. Users are advised to update their Signal app, enable two-factor authentication, and exercise caution with QR codes to mitigate risks.

- Russian phishing campaigns exploit Signal's device-linking feature.

- Attackers use malicious QR codes to gain access to Signal accounts.

- The technique allows monitoring of conversations without full device compromise.

- Custom phishing kits target specific groups, such as military personnel.

- Users are advised to update their app and enable security features to protect against these threats.

Related

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

A joint US-UK advisory warns that Russian hackers APT29 are exploiting unpatched vulnerabilities in systems, urging organizations to enhance defenses, apply patches, and train employees against rising phone-assisted phishing scams.

Russia Targeting Ukrainian Military Recruits with Android, Windows Malware

Google reported a Russian cyberespionage campaign, UNC5812, targeting Ukrainian military recruits through malware on Telegram. The campaign aims to disrupt mobilization efforts and discredit the military, prompting Google to intervene.

Russia takes unusual route to hack Starlink-connected devices in Ukraine

Russian hackers known as Secret Blizzard are targeting Ukrainian military devices using malware and tactics from other cybercriminal groups, including spear phishing and exploiting compromised servers, while adapting their methods over time.

Russia takes unusual route to hack Starlink-connected devices in Ukraine

Russian hackers, known as Secret Blizzard, are targeting Starlink-connected devices used by Ukrainian forces, employing spear phishing and malware from other groups to enhance their cyber operations.

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

Russian threat actors are conducting politically themed phishing campaigns targeting Microsoft 365 accounts via Device Code Authentication. Volexity identifies three distinct groups, emphasizing the need for increased awareness of these tactics.
