Russian Hackers Attacking Signal Messenger Users To Gain Access To Sensitive Data

Google Threat Intelligence Group (GTIG) reveal an escalating campaign by multiple Russia-aligned threat actors targeting Signal Messenger users through sophisticated exploitation of the app’s “linked devices” feature. While the GTIG analysts detected that the linked devices functionality, which allows simultaneous use of Signal across multiple devices via QR code pairing, has become the primary attack vector for groups including UNC5792, UNC4221, and APT44 (Sandworm). Signal has released updated Android/iOS versions with improved phishing detection, but users must manually enable two-factor authentication and audit linked devices. Attackers host counterfeit group invites on domains like “signal-groups[.]tech” containing malicious JavaScript that substitutes legitimate group join functionality with device-linking commands. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This subtle code alteration tricks users into linking their account to attacker-controlled devices rather than joining a group. The WAVESIGN batch script and Turla’s PowerShell modules demonstrate parallel efforts to exfiltrate Signal databases from compromised devices. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Feb 2025 12:55:04 +0000

Cyber News related to Russian Hackers Attacking Signal Messenger Users To Gain Access To Sensitive Data

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 months ago Aws.amazon.com

Russian Groups Target Signal Messenger in Spy Campaign - But the tactics the threat actors are using in the campaign could well serve as a blueprint for other groups to follow in broader attacks on Signal, WhatsApp, Telegram, and other popular messaging apps, GTIG warned in a blog post this week. The other ...
1 day ago Darkreading.com

Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - Google said that while these recent attacks were likely driven by wartime demands to access sensitive government and military communications in the context of Russia’s invasion of Ukraine, researchers expect attacks on Signal to grow and spread to ...
1 day ago Therecord.media

Running Signal Will Soon Cost $50 Million a Year - While Whittaker argues that Signal runs as lean an operation as possible, she also notes that many of its features cost more than they do for other communications platforms, due to the extra cost of enabling those features in privacy-preserving ways. ...
1 year ago Wired.com

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private - The third new feature, which is not enabled by default and which Signal recommends mainly for high-risk users, allows you to turn off not just your number's visibility but its discoverability. That extra safeguard might be important if you don't want ...
1 year ago Wired.com

FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com

X now blocks Signal contact links, flags them as malicious - According to BleepingComputer's tests and other users' reports, attempting to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. Social media platform X (formerly Twitter) is ...
3 days ago Bleepingcomputer.com

Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com

Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
1 year ago Bleepingcomputer.com

Russian Hackers Attacking Signal Messenger Users To Gain Access To Sensitive Data - Google Threat Intelligence Group (GTIG) reveal an escalating campaign by multiple Russia-aligned threat actors targeting Signal Messenger users through sophisticated exploitation of the app’s “linked devices” feature. While the GTIG ...
1 day ago Cybersecuritynews.com

Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com

HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
1 year ago Bleepingcomputer.com

Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
1 year ago Bleepingcomputer.com

Ukraine says it hacked Russian aviation agency, leaks data - Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for ...
1 year ago Bleepingcomputer.com

Who Is Behind Pro-Ukrainian Cyberattacks on Iran? - COMMENTARY. Ukrainian cyber forces have attacked Russian infrastructure and assets almost since the first day of the Russian invasion of Ukraine on Feb. 24, 2022. While its mainstay is denial-of-service attacks that have knocked out the Russian ...
1 year ago Darkreading.com

Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
1 year ago Bleepingcomputer.com

Meta Announces End-to-End Encryption by Default in Messenger - Yesterday Meta announced that they have begun rolling out default end-to-end encryption for one-to-one messages and voice calls on Messenger and Facebook. It will bring strong encryption to over one billion people, protecting them from dragnet ...
1 year ago Eff.org

Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com

How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com

Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack - A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. Kyivstar is Ukraine's largest telecommunications ...
1 year ago Bleepingcomputer.com

Detained Russian student allegedly helped Ukrainian hackers with cyberattacks - A Russian tech student could face treason charges for helping Ukrainian hackers carry out cyberattacks against Russia. A resident of the Siberian city of Tomsk, Seymour Israfilov was detained by Russian security services in October, but little ...
1 year ago Therecord.media

Ukrainian activists hack Trigona ransomware gang, wipe servers - A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. The Ukrainian Cyber Alliance fighters say they exfiltrated ...
1 year ago Bleepingcomputer.com

FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com

Meta rolls out default end-to-end encryption on Messenger, Facebook - Meta has announced that the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform. End-to-end encryption protects clear data by ensuring that it is ...
1 year ago Bleepingcomputer.com

Latest Cyber News

Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 1 hour ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 2 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 3 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 4 hours ago
CVE-2025-27097 - 8 hours ago
CVE-2025-27098 - 8 hours ago
Apiiro unveils free scanner to detect malicious code merges - 8 hours ago
Black Basta ransomware gang's internal chat logs leak online - 8 hours ago
CVE-2025-0352 - 9 hours ago
CVE-2025-1265 - 9 hours ago
CVE-2025-24893 - 9 hours ago
CVE-2025-25299 - 9 hours ago
Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released - 9 hours ago
New NailaoLocker Ransomware Attacking European Healthcare - 9 hours ago
Beware of North Korean Job Interview Process Delivers Malware Via Fake Chrome Update - 10 hours ago
CVE-2025-27096 - 10 hours ago
CVE-2023-51336 - 10 hours ago
CVE-2023-51337 - 10 hours ago
CVE-2023-51338 - 10 hours ago
CVE-2023-51339 - 10 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 1 hour ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 2 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 3 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 4 hours ago
CVE-2025-1272 - 2 days ago
CVE-2025-27090 - 1 day ago
CVE-2023-51305 - 1 day ago
CVE-2024-10339 - 1 day ago
CVE-2024-37359 - 1 day ago
CVE-2024-37360 - 1 day ago
CVE-2024-5705 - 1 day ago
CVE-2024-5706 - 1 day ago
CVE-2025-21355 - 1 day ago
CVE-2025-24989 - 1 day ago
CVE-2025-25942 - 1 day ago
CVE-2025-25943 - 1 day ago
CVE-2025-25944 - 1 day ago
CVE-2025-25945 - 1 day ago
CVE-2025-25946 - 1 day ago
CVE-2025-25947 - 1 day ago