Russia-aligned hackers launch an offensive against users of this messaging application. Google is very worried
Russian Hackers Exploit Signal’s ‘Linked Devices’ Feature in Espionage Tactics
Although Telegram is a go-to alternative for many, offering extensive functionality and customization, it is facing backlash in cybersecurity circles because it collaborates more closely with the police, providing user data upon request (end of August 2024), and because of its use by Ukraine. According to the source, “Ukraine authorities ordered military and government officials to stop using Telegram and use Signal, which is safer due to its encryption.”
The shift towards Signal, however, has not eliminated the security challenges. Russian hackers are now also attacking this application, using QR codes to deceive users. Despite Signal’s robust encryption, its ‘Linked Devices’ feature is being weaponized. This is no mere blip in cybersecurity but a sign of a grim trend.
Google Threat Intelligence Group Alerts to Escalating Cyber Threats
Google’s Threat Intelligence Group (GTIG) has published its findings and says it remains vigilant as the attackers persist in their campaigns. Particularly alarming is its report of an increase in the efforts of several Russia-aligned hackers to compromise the Signal Messenger accounts of individuals of interest to Russian intelligence.
According to GTIG, the tactics and methods used to attack Signal will increase in the near term. GTIG is now detecting a broader scope of the problem and predicts that the activity will spread to regions that may not be directly involved in military conflicts. The most novel and widely used technique by the attackers is the abuse of the ‘Linked Devices’ function, which allows the application to be used on several devices at the same time.
The feature requires scanning a QR code to establish a connection. The attack involves creating malicious versions of such codes that, when scanned, link a victim’s account to an instance of Signal controlled by the hacker.
If the intrusion succeeds, future messages are delivered to both the victim and the attacker in real time, allowing conversations to be spied on without compromising the device.

An identified Russian espionage group, UNC5792, which shows traits previously noted by CERT-UA under the name UAC-0195, has manipulated legitimate “group invite” pages. In its phishing campaigns, it replaces the expected group redirect with a malicious URL designed to link a device controlled by the actor to the victim’s Signal account.
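For defenders, the substitution described above can be checked mechanically. The following is an added example, not code from Google, Signal or the original article: it flags a device-linking URI that appears in content a user expects to be a group invite. The URI forms (`sgnl://linkdevice`, the older `tsdevice:` scheme, and `signal.group` invite links) are assumptions based on Signal's public link handling, and the sample strings are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption (not from the article): Signal handles device-linking URIs such as
# sgnl://linkdevice?uuid=...&pub_key=... (older builds: tsdevice:/?uuid=...),
# while group invites are signal.group links.
URI_RE = re.compile(r"""(?:sgnl|tsdevice|https?):[^\s"'<>]+""", re.I)


def classify_uri(uri: str) -> str:
    """Return 'device-link', 'group-invite' or 'other' for one URI."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme == "tsdevice" or (scheme == "sgnl" and host == "linkdevice"):
        return "device-link"
    if scheme in {"https", "sgnl"} and host == "signal.group":
        return "group-invite"
    return "other"


def audit(content: str, expected: str = "group-invite") -> list[str]:
    """List device-linking URIs found in content that was expected to carry
    something else (a decoded QR payload, a message body, a page source)."""
    if expected == "device-link":
        return []  # the user deliberately started linking from Signal's settings
    return [u for u in URI_RE.findall(content) if classify_uri(u) == "device-link"]


# Constructed samples; the identifiers are placeholders, not real values.
SAMPLES = {
    "real invite": "Join us: https://signal.group/#CONSTRUCTED-INVITE",
    "swapped link": "Join us: sgnl://linkdevice?uuid=CONSTRUCTED&pub_key=CONSTRUCTED",
    "legacy scheme": "tsdevice:/?uuid=CONSTRUCTED&pub_key=CONSTRUCTED",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        hits = audit(text)
        print(f"{name}: {'ALERT ' + hits[0] if hits else 'ok'}")
```

The same check can run in a mail or web gateway over decoded QR payloads and link targets, since a device-linking URI has no legitimate reason to arrive from a third party.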
Google appreciates Signal’s cooperation in this investigation. The newest Android and iOS versions incorporate strengthened features designed to help protect against similar phishing campaigns in the future.
Users should therefore prioritize upgrading to the newest Signal version.
