State-Backed Phishing Targets Military, Journalists on Signal
▼ Summary
– German authorities warn that a likely state-backed hacking group is phishing senior officials and journalists across Europe via the Signal messaging app.
– The attackers use two methods: posing as Signal support to steal PINs or tricking users into scanning malicious QR codes to link a device.
– Successful attacks give attackers access to private chats, group conversations, and contact lists, compromising entire networks.
– Authorities advise users to never share PINs via message, block suspicious contacts, and enable security features like registration locks.
– While Signal is the current focus, the alert notes that WhatsApp users are similarly vulnerable due to the apps’ comparable functionalities.
German security officials have issued a stark warning about a sophisticated phishing campaign targeting high-profile individuals across Europe. The attacks, believed to be orchestrated by a state-backed hacking group, are exploiting the Signal messaging app to compromise senior politicians, military personnel, diplomats, and investigative journalists. Authorities emphasize that while the current threat appears politically motivated, the techniques are easily replicable by criminal groups for financial gain.
The alert, published jointly by Germany’s Federal Office for the Protection of the Constitution and the Federal Office for Information Security, details two primary methods used to hijack accounts.
In the first scenario, the attacker impersonates official Signal support, contacting the target directly within the app. The message typically warns of a critical security issue requiring immediate action. The victim is instructed to provide a security PIN or a one-time verification code to supposedly prevent data loss or unauthorized access. If the target complies, the attackers use that information to register the victim’s account on a device they control, seizing complete access.
The second approach involves deception through a QR code. The attacker convinces the target to scan a code under a false pretext. In reality, scanning the code links a new, attacker-controlled device to the victim’s Signal account. This method is particularly insidious because it allows the hacker to silently monitor all private and group conversations, access contact lists, and send messages while impersonating the victim, often without triggering an immediate lockout.
This level of access provides attackers with a treasure trove of intelligence. They can eavesdrop on confidential discussions, map out professional and personal networks, and leverage that information for further espionage or criminal operations. Officials noted that while Signal is the current vector, WhatsApp users face a similar risk due to the platforms’ comparable functionalities.
Victims of the first attack variant will likely realize something is wrong quickly, as the Signal app will show that their device is no longer registered and messaging functions will cease. Authorities have provided clear guidance for users to protect themselves. They advise never responding to messages from unverified support accounts, blocking and reporting such contacts immediately, and never sharing PINs or codes via message.
Enabling security features like registration locks is crucial. Users should only scan QR codes when intentionally linking their own devices and should routinely check their account’s linked devices list in the settings menu. Anyone who suspects they have been targeted is urged to contact the relevant security authorities directly to report the incident.
(Source: HelpNet Security)
