techminis

A naukri.com initiative


Cloudblog


Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger

  • Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services, likely due to wartime demands associated with the re-invasion of Ukraine.
  • Signal's popularity among targets like military personnel and politicians has made it a prime target for adversaries seeking to intercept sensitive information; similar tactics are also being used on other messaging apps like WhatsApp and Telegram.
  • Russia-aligned threat actors abuse Signal's 'linked devices' feature through malicious QR codes to eavesdrop on conversations, posing a significant risk of undetected compromise.
  • Threat actors engage in remote phishing operations, embedding malicious QR codes as group invites or security alerts, with tailored techniques to target Ukrainian military personnel.
  • APT44 enables Russian military forces to link Signal accounts captured on the battlefield to actor-controlled infrastructure, highlighting the sophistication of these operations.
  • Russia-linked actors like UNC5792 and UNC4221 alter legitimate group invites and craft phishing kits mimicking trusted applications to compromise Signal accounts.
  • Multiple threat actors devise methods to steal Signal messages, with examples such as APT44 using Windows Batch scripts and Turla leveraging PowerShell to exfiltrate data.
  • The widespread targeting of Signal accounts underscores the escalating threat to secure messaging apps, necessitating user vigilance and security measures like two-factor authentication and regular device audits.
  • Russian and Belarusian threat actors are working to steal Signal messages, displaying a coordinated effort to undermine encryption and gain access to sensitive communications.
  • The detailed IOCs provided, together with the highlighted threat actor tactics and techniques, offer insight into the malicious operations targeting Signal and stress the need for enhanced cybersecurity measures.
  • Protecting against these threats also calls for practices like enabling screen lock on devices, updating operating systems promptly, and being cautious with QR codes and web resources.
