
"According to the agencies, the attackers approach targets directly via chats and persuade them to share security verification codes or PINs, effectively giving the intruders full access to the account. In some cases, the attackers reportedly impersonate a Signal support bot to make the request look legitimate. Once the code is shared, attackers can log in and read messages or monitor group chats without needing to defeat the underlying encryption."
"Another trick involves abusing Signal's 'linked devices' feature, which allows users to connect additional devices to their account. If an attacker manages to link their own device, they can effectively mirror the victim's messages in real time."
"Ironically, the very reason officials and reporters often favor these apps - their strong encryption - also makes them a juicy intelligence target once an account itself is compromised. End-to-end encryption protects messages in transit, but it does little if an attacker manages to log into the account itself."
Russian cyber operatives are conducting a large-scale campaign targeting Signal and WhatsApp accounts of government officials, journalists, and military personnel worldwide. Rather than attempting to crack end-to-end encryption, attackers use social engineering tactics to obtain security verification codes and PINs directly from targets through chat messages. Some attackers impersonate Signal support bots to appear legitimate. Once codes are obtained, attackers gain full account access and can read conversations and monitor group chats. Attackers also exploit Signal's linked devices feature to mirror messages in real time. The Dutch intelligence agencies AIVD and MIVD confirmed the campaign has successfully compromised victims, including Dutch government employees and journalists, likely obtaining sensitive information.
#russian-cyber-attacks #social-engineering #signal-and-whatsapp-security #account-compromise #government-and-journalist-targeting
Read at The Register