Numerous Russian state-backed advanced persistent threat groups have been targeting the "linked devices" feature of the encrypted messaging app Signal to circumvent the app's end-to-end encryption and facilitate cyberespionage efforts, according to SecurityWeek.

Malicious device-linking QR codes have been added to phishing pages, spread via group invite links, and leveraged in close-access attacks conducted by the Sandworm operation, a report from Mandiant revealed. Another Russian threat group has deployed a Signal phishing kit spoofing the Ukrainian military's Kropyva app to compromise Ukrainian military-owned Signal accounts. Such a phishing kit was found to include a JavaScript payload that enables the compromise of user information and geolocation data, noted the report, which urged Signal users to implement more stringent security measures.

"...[T]his threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques," said Mandiant researcher Dan Black.
Application security, Phishing, Threat Intelligence
Signal app exploited in Russian cyberespionage
