Threat Intel (Severity: HIGH)

Threat Intel - Russian Hackers Target Signal and WhatsApp

Source: The Hacker News
Tags: Signal, WhatsApp, phishing, Russian Intelligence, cyber espionage

In short: Russian hackers are tricking people into handing over access to their messaging accounts.

Quick Summary

Russian hackers are targeting Signal and WhatsApp in phishing attacks. High-value individuals are at risk of account compromise. Stay alert and protect your sensitive information from these threats.

The Threat

The FBI has issued a warning about phishing campaigns led by Russian hackers targeting popular messaging apps like Signal and WhatsApp. These attacks aim to compromise accounts belonging to individuals deemed of high intelligence value, such as government officials, military personnel, and journalists. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed that these campaigns have led to unauthorized access to thousands of accounts worldwide.

The attackers do not exploit security flaws in the apps' encryption but instead rely on social engineering tactics. By posing as trusted contacts or services, they trick victims into providing sensitive information. This alarming trend highlights the ongoing threat posed by state-sponsored actors in the realm of cyber espionage.

Who's Behind It

While the FBI has not attributed these attacks to a specific group, prior intelligence reports have linked them to several Russian-aligned threat clusters. These include groups known as Star Blizzard, UNC5792, and UNC4221. The campaigns have been so effective that they have drawn attention from cybersecurity agencies in multiple countries, including France, Germany, and the Netherlands.

The attackers often impersonate legitimate services, such as a non-existent 'Signal Support Bot', to gain victims' trust. This strategy allows them to exploit the social dynamics of communication, making it easier to deceive individuals into revealing their login credentials.

Tactics & Techniques

The phishing campaign employs two primary methods to compromise accounts:

  1. Requesting PINs or verification codes: If a victim hands these over, the attackers can complete account recovery and take over the account, including its contact list. They cannot read earlier messages, but they can send messages as the victim, which lets them use the hijacked account for further phishing.
  2. Malicious links or QR codes: Following one of these links lets the attackers link a device they control to the victim's account, giving them access to all messages, including message history. The victim retains access to the account throughout, so the compromise is easy to miss; the attacker's linked device persists until it is removed in the app's linked-devices settings.

Defensive Measures

To protect against these phishing attacks, users should:

  • Never share SMS codes or verification PINs with anyone.
  • Exercise caution when receiving unexpected messages from unknown contacts.
  • Verify links before clicking on them.
  • Regularly review linked devices and remove any that seem suspicious.

Signal has emphasized that they will never ask for verification codes or PINs through in-app messages or social media. Staying informed and vigilant is crucial in combating these sophisticated phishing strategies. By understanding the tactics used by attackers, users can better protect their accounts and sensitive information from falling into the wrong hands.

🔒 Pro insight: This campaign reflects a strategic focus on high-value targets, indicating a potential shift in Russian cyber operations towards more personalized attacks.

Original article from The Hacker News.
