CyberSecurityBoard
Sponsor Register Login

Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News

Google said that while these recent attacks were likely driven by wartime demands to access sensitive government and military communications in the context of Russia’s invasion of Ukraine, researchers expect attacks on Signal to grow and spread to additional threat actors and regions. Russian state-backed hackers are increasingly targeting Signal messenger accounts — including those used by Ukrainian military personnel and government officials — in an effort to access sensitive information that could aid Moscow’s war effort, researchers warn. However, Google has also discovered a campaign in which the notorious Russian threat actor Sandworm assisted Russian military forces in linking Signal accounts from captured battlefield devices to their own systems for further exploitation. Russian hackers typically distribute these malicious QR codes remotely, disguising them as legitimate Signal group invites or security alerts, or embedding them in phishing pages that imitate websites used by the Ukrainian military. Google has observed similar techniques used by Russian threat actors in attacks on Ukrainian Signal users. Another Russian threat actor, tracked as UNC4221, developed a tailored Signal phishing kit that mimics the Kropyva application used by the Ukrainian armed forces for artillery guidance. In addition to linking hacker-controlled devices to victims’ Signal accounts, multiple well-established regional threat actors have also been stealing Signal database files from Android and Windows devices. “We expect secure messages and location data to frequently feature as joint targets in future operations of this nature, particularly in the context of targeted surveillance operations or support for conventional military operations,” the researchers said. The latest Signal releases for Android and iOS, for example, contain enhanced security features designed to help protect against similar phishing campaigns in the future, researchers said. Another Russian threat actor, Turla, has used a PowerShell script to exfiltrate Signal desktop messages. Ukrainian state cybersecurity officials have previously warned that Russian hacker groups actively exploit Signal to attack government and defense officials.

This Cyber News was published on therecord.media. Publication date: Wed, 19 Feb 2025 14:45:09 +0000


Cyber News related to Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News

Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - Google said that while these recent attacks were likely driven by wartime demands to access sensitive government and military communications in the context of Russia’s invasion of Ukraine, researchers expect attacks on Signal to grow and spread to ...
1 day ago Therecord.media
Russian Groups Target Signal Messenger in Spy Campaign - But the tactics the threat actors are using in the campaign could well serve as a blueprint for other groups to follow in broader attacks on Signal, WhatsApp, Telegram, and other popular messaging apps, GTIG warned in a blog post this week. The other ...
1 day ago Darkreading.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
1 year ago Bleepingcomputer.com
Ukraine security services involved in hack of Russia's largest private bank - Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News. Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, ...
1 year ago Therecord.media
Ukrainian hackers disrupt internet providers in Russia-occupied territories - Ukrainian hackers have temporarily disabled internet services in parts of the country's territories that have been occupied by Russia. The group of cyber activists known as the IT Army said on Telegram that their distributed denial-of-service attack ...
1 year ago Therecord.media
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com
Who Is Behind Pro-Ukrainian Cyberattacks on Iran? - COMMENTARY. Ukrainian cyber forces have attacked Russian infrastructure and assets almost since the first day of the Russian invasion of Ukraine on Feb. 24, 2022. While its mainstay is denial-of-service attacks that have knocked out the Russian ...
1 year ago Darkreading.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com
Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com
Ukrainian activists hack Trigona ransomware gang, wipe servers - A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. The Ukrainian Cyber Alliance fighters say they exfiltrated ...
1 year ago Bleepingcomputer.com
Ukraine-Russia Cyber Battles Have Real-World Impact - "The evolution of cyberattacks and malware, particularly those that have an intersection with the use of generative AI, have lowered the barrier for entry for threat actors, leading to more threats and a greater volume of attacks," he says. ...
4 months ago Darkreading.com
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
1 year ago Bleepingcomputer.com
Running Signal Will Soon Cost $50 Million a Year - While Whittaker argues that Signal runs as lean an operation as possible, she also notes that many of its features cost more than they do for other communications platforms, due to the extra cost of enabling those features in privacy-preserving ways. ...
1 year ago Wired.com
Ukraine: Hack wiped 2 petabytes of data from Russian research center - Planeta is a state research center using space satellite data and ground sources like radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme phenomena, and volcanic monitoring. The ...
1 year ago Bleepingcomputer.com
Russian hackers hijack Ukrainian TV to broadcast Victory Day parade - Russia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II. According to the Ukrainian agency responsible for television and ...
9 months ago Therecord.media
Detained Russian student allegedly helped Ukrainian hackers with cyberattacks - A Russian tech student could face treason charges for helping Ukrainian hackers carry out cyberattacks against Russia. A resident of the Siberian city of Tomsk, Seymour Israfilov was detained by Russian security services in October, but little ...
1 year ago Therecord.media
Ukraine cyber officials warn of a 'surge' in Smokeloader attacks on financial, government entities - Suspected Russian cybercriminals have increased their attacks against Ukrainian financial and government organizations using Smokeloader malware, according to Ukrainian cybersecurity officials. Since May of this year, the malware operators have ...
1 year ago Therecord.media
Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group - The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia's Ministry of Defense last week, the ministry told The Record on Friday. Hackers sent malicious emails to several employees of the ministry, ...
2 years ago Therecord.media
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com
Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private - The third new feature, which is not enabled by default and which Signal recommends mainly for high-risk users, allows you to turn off not just your number's visibility but its discoverability. That extra safeguard might be important if you don't want ...
1 year ago Wired.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
1 year ago Bleepingcomputer.com
CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers - In the two months since Russia-linked hackers attacked Ukraine's largest telecom operator, many questions have emerged about how they gained access to the company's systems and lingered there, likely for months, undetected. During a cybersecurity ...
1 year ago Therecord.media

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)