New APT28 Attack via Signal Messenger Uncovered

A recent cybersecurity investigation has uncovered a new attack campaign by the notorious APT28 group leveraging the Signal Messenger platform. This sophisticated threat actor, known for its advanced persistent threat operations, has exploited Signal's encrypted messaging service to distribute malware and conduct espionage activities. The attack involves sending malicious links through Signal messages, which, when clicked, lead to the installation of spyware designed to steal sensitive information from targeted individuals and organizations. This novel use of a secure communication app highlights the evolving tactics of cyber adversaries who continuously seek innovative ways to bypass traditional security measures.

Security experts emphasize the importance of vigilance when receiving unsolicited messages, even on trusted platforms like Signal. Organizations are urged to implement robust endpoint protection, conduct regular security awareness training, and monitor network traffic for unusual activities. This incident serves as a critical reminder that no platform is immune to cyber threats, and continuous adaptation of defense strategies is essential to safeguard digital assets. The cybersecurity community is closely monitoring the situation and collaborating to develop effective countermeasures against APT28's evolving tactics.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 16 Sep 2025 12:30:17 +0000


Cyber News related to New APT28 Attack via Signal Messenger Uncovered

Russian Groups Target Signal Messenger in Spy Campaign - But the tactics the threat actors are using in the campaign could well serve as a blueprint for other groups to follow in broader attacks on Signal, WhatsApp, Telegram, and other popular messaging apps, GTIG warned in a blog post this week. The other ...
7 months ago Darkreading.com Turla
France ties Russian APT28 hackers to 12 cyberattacks on French orgs - In a separate report published today, the French National Agency for the Security of Information Systems (ANSSI) says the list of French organizations attacked by APT28 military hackers includes ministerial entities, local governments, and ...
5 months ago Bleepingcomputer.com Fancy Bear APT28
Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private - The third new feature, which is not enabled by default and which Signal recommends mainly for high-risk users, allows you to turn off not just your number's visibility but its discoverability. That extra safeguard might be important if you don't want ...
1 year ago Wired.com
Running Signal Will Soon Cost $50 Million a Year - While Whittaker argues that Signal runs as lean an operation as possible, she also notes that many of its features cost more than they do for other communications platforms, due to the extra cost of enabling those features in privacy-preserving ways. ...
1 year ago Wired.com
Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - Google said that while these recent attacks were likely driven by wartime demands to access sensitive government and military communications in the context of Russia’s invasion of Ukraine, researchers expect attacks on Signal to grow and spread to ...
7 months ago Therecord.media Turla
X now blocks Signal contact links, flags them as malicious - According to BleepingComputer's tests and other users' reports, attempting to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. Social media platform X (formerly Twitter) is ...
7 months ago Bleepingcomputer.com
Poland says Russian military hackers target its govt networks - Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident ...
1 year ago Bleepingcomputer.com CVE-2023-23397 APT28
France blames Russian military intelligence for years of cyberattacks on local entities | The Record from Recorded Future News - According to French officials, APT28 — also known as Fancy Bear or BlueDelta, and long believed to be an arm of the GRU’s Unit 26165 — has been behind cyber operations affecting around ten French entities since 2021. France has accused a hacker ...
5 months ago Therecord.media Fancy Bear APT28
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug - Advanced persistent threat group APT28 is behind ongoing campaigns to steal sensitive government and corporate information. The threat group is reportedly abusing unpatched instances of a Microsoft Exchange flaw patched nine months ago, according to ...
1 year ago Packetstormsecurity.com CVE-2023-23397 CVE-2023-38831 APT28
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28
France says Russian state hackers breached numerous critical networks - The Russian APT28 hacking group has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia's military ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-23397 APT28 Cactus
Meta Announces End-to-End Encryption by Default in Messenger - Yesterday Meta announced that they have begun rolling out default end-to-end encryption for one-to-one messages and voice calls on Messenger and Facebook. It will bring strong encryption to over one billion people, protecting them from dragnet ...
1 year ago Eff.org
Ukrainian military targeted in new Signal spear-phishing attacks - Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces. In February 2025, ...
6 months ago Bleepingcomputer.com
Meta rolls out default end-to-end encryption on Messenger, Facebook - Meta has announced the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform. End-to-end encryption protects clear data by ensuring that it is ...
1 year ago Bleepingcomputer.com
CVE-2006-3366 - Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; ...
6 years ago
CVE-2021-47326 - In the Linux kernel, the following vulnerability has been resolved: x86/signal: Detect and prevent an alternate signal stack overflow The kernel pushes context on to the userspace stack to prepare for the user's signal handler. When the user has ...
1 year ago Tenable.com
Russian Hackers Attacking Signal Messenger Users To Gain Access To Sensitive Data - Google Threat Intelligence Group (GTIG) reveals an escalating campaign by multiple Russia-aligned threat actors targeting Signal Messenger users through sophisticated exploitation of the app’s “linked devices” feature. While the GTIG ...
7 months ago Cybersecuritynews.com Turla
Signal rolls out usernames that let you hide your phone number - End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. This is part of a beta rollout that follows a public test phase in a staging environment ...
1 year ago Bleepingcomputer.com
Hackers Exploiting Output Messenger 0-Day Vulnerability to Deploy Malicious Payloads - “Once Marbled Dust gains access to the Output Messenger server, they can leverage the system architecture to gain indiscriminate access to the communications of every user, steal sensitive data, and impersonate users,” explained a ...
4 months ago Cybersecuritynews.com CVE-2025-27920
Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks - PRESS RELEASE. San Jose, Calif. - February 15, 2024 - Vectra AI, Inc., the leader in hybrid attack detection, investigation and response, today announced the launch of Vectra MXDR services, the industry's first global, 24x7 open MXDR service built to ...
1 year ago Darkreading.com
Signal adds secure cloud backups to save and restore chats - Signal, the popular encrypted messaging app, has introduced a new feature allowing users to create secure cloud backups of their chats. This enhancement aims to provide a reliable way to save and restore conversations without compromising privacy. ...
1 month ago Bleepingcomputer.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
