Government security

Poland directs officials to cease Signal use amid cyberattack concerns

The Signal app icon on a smartphone.

As reported by Security Affairs, Poland has instructed government officials to discontinue the use of the popular instant messaging application Signal for sensitive communications. This directive follows a series of cyberattacks targeting government accounts, with suspicions pointing towards Russian-backed advanced persistent threat (APT) groups.

The cyberattacks did not compromise Signal's encryption but instead relied on social engineering and account takeover tactics. Attackers impersonated Signal support staff or bots to trick users into revealing verification codes or PINs. Another method involved malicious QR codes or links that allowed attackers to remotely link their devices to victims' accounts, granting access to private chats and conversation history. These campaigns targeted politicians, military personnel, and public servants, posing a significant threat to national security.

In response, Poland's Ministry of Digital Affairs is recommending the use of state-developed alternatives, including mSzyfr Messenger for general encrypted communication and SKR-Z for classified information up to the "Restricted" level. This move aligns with similar actions in other European countries, such as Germany and the Netherlands, highlighting a broader trend of governments seeking more controlled communication platforms due to the vulnerability of users to phishing and impersonation attacks, rather than inherent flaws in the encryption of widely used apps.

Source: Security Affairs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds