Spyware Investigator Exposed Russian Government Hackers

Russian government hackers have been linked to a campaign targeting Signal users with phishing attacks. Donncha Ó Cearbhaill, a security researcher, became a direct target earlier this year. The message he received impersonated Signal support and requested a verification code. He quickly realized it was an attempt by Russian government hackers to access his account. Instead of ignoring it, he launched his own investigation.

Ó Cearbhaill told TechCrunch that he had never faced such an attack before. Having the attempt land in his own inbox gave him a rare chance to study the tactics in real time. As his investigation continued, it became clear the attack was part of a larger campaign. Russian government hackers used similar methods, impersonating Signal and tricking users into sharing codes.

Cybersecurity agencies in the U.S., U.K., and Netherlands have linked these attacks to Russian government hackers. Their warnings suggest a well-coordinated effort targeting journalists, politicians, and researchers. Signal itself has also acknowledged ongoing phishing attacks against its user base.

Ó Cearbhaill discovered that more than 13,500 people were targeted. He identified the automated system used in the attacks, called ApocalypseZ, which let Russian government hackers scale their operations. The codebase and interface were in Russian, and victim chats were translated for easier exploitation.

Ó Cearbhaill suspects the attackers used a “snowball” approach. Once they compromised a target, they found more potential victims by harvesting contacts. He believes he was targeted because of his connections to other victims. Despite being targeted, he doubts Russian government hackers will single him out again.

He advises Signal users to enable Registration Lock to protect their accounts. The ongoing campaign suggests the real number of affected users could be even higher. For more details on this evolving story, read the original source.
