Russian State Threat Actors Targeting Signal Messenger Accounts

A Google blog by Dan Black discusses a recent finding by Google’s Threat Intelligence Group. It has identified a rise in Russian state-aligned cyberattacks targeting Signal Messenger accounts.

These attacks aim to gain unauthorized access to sensitive communications, particularly among military personnel, politicians, and journalists, in the context of Russia’s ongoing war in Ukraine.

The threat is not limited to Signal. Similar techniques are being used against WhatsApp and Telegram. Google warns that these methods will likely expand beyond the Ukrainian conflict, posing a broader risk to global cybersecurity.

Signal’s status as a secure messaging platform makes it a valuable target for espionage. Threat actors have exploited Signal’s “linked devices” feature, which allows multiple devices to connect to a single account.

Malicious QR codes are used in phishing campaigns to trick users into linking their accounts t o adversary-controlled devices. These tactics enable persistent surveillance, allowing attackers to access messages in real time.

 Some of these attacks have been carried out remotely through deceptive phishing pages, while others have involved direct access to captured devices in conflict zones. The use of these techniques by Russian cyber units, such as APT44 and UNC5792, highlights the growing sophistication of state-sponsored cyber threats.

To combat these threats, Signal Messenger has introduced security updates to counteract malicious device-linking attempts. Organizations and individuals should update their Signal applications to the latest version to benefit from these protections.

Attorneys should be aware that message platforms widely used by sub-groups that include their clients are ripe for cyberattacks by foreign threat actors. Warn clients to be vigilant against phishing attempts, implement multi-factor authentication, and educate their teams on emerging cyber threats.

Secure messaging platforms remain critical, but proactive defense strategies are essential to mitigating risks in an evolving cyber landscape.