TL;DR

A cybersecurity researcher exposed a Russian hacking campaign targeting Signal users, with over 13,500 victims including high-profile figures. The hackers used phishing and automated tools to compromise accounts. The campaign is ongoing, and Signal advises users to enable security features.

A cybersecurity researcher has revealed that Russian government hackers attempted to hijack Signal accounts in a widespread campaign targeting over 13,500 users, including politicians and journalists. The discovery highlights ongoing espionage efforts and underscores the importance of security features for Signal users.

Donncha Ó Cearbhaill, a security researcher at Amnesty International’s Security Lab, identified a phishing campaign that impersonated Signal support to trick users into revealing verification codes. The hackers used an automated system called ‘ApocalypseZ,’ which is operated in Russian, to target multiple victims simultaneously. Ó Cearbhaill estimates that the campaign has affected more than 13,500 individuals, including high-profile figures within Russia. The attackers appear to have used compromised contacts from group chats to identify new targets, a pattern he describes as a ‘snowball hypothesis.’ Signal has publicly warned of similar phishing attempts, and security experts say the campaign is ongoing, with the hackers possibly expanding their reach.

Why It Matters

This development reveals a significant espionage effort by Russian state-linked actors aimed at political, journalistic, and governmental targets. The campaign underscores the vulnerabilities of encrypted messaging platforms and the persistent threat of state-sponsored cyber espionage. For Signal users, especially those in sensitive positions, the attack highlights the importance of enabling security features like Registration Lock to prevent account hijacking.

Background

Earlier this year, multiple Western cybersecurity agencies, including CISA and the UK’s NCSC, issued warnings about Russian-backed hacking groups targeting encrypted messaging platforms. Signal has repeatedly warned its users about phishing attacks, which have increased amid geopolitical tensions. The use of automated tools like ApocalypseZ indicates a sophisticated, organized effort to compromise large numbers of targets quickly. The campaign’s discovery follows recent reports of Russian cyber operations focusing on political interference and espionage in Europe and beyond.

“The campaign uses an automated system called ApocalypseZ, which allows the hackers to target many people at once with limited oversight.”

— Donncha Ó Cearbhaill

“I suspect I was targeted because I was in a group chat with someone who was hacked, which gave the attackers a way in.”

— Ó Cearbhaill

“We continue to monitor and warn users about phishing campaigns attempting to compromise accounts.”

— Signal Security Team

What Remains Unclear

It remains unclear how many of the targeted accounts have been exploited beyond initial compromise, or whether the hackers have accessed sensitive data. The full extent of the campaign’s reach and the identities of all victims are still being investigated. The hackers’ current operational status and future plans are also unknown.

What’s Next

Security researchers and Signal are continuing to monitor the campaign, with efforts to identify additional victims and block ongoing attacks. Signal recommends users activate features like Registration Lock and two-factor authentication. Authorities may investigate further to attribute the campaign officially and potentially take legal or technical measures against the hackers.

Key Questions

How can Signal users protect themselves from such attacks?

Users should enable Registration Lock, set a PIN for their account, and be cautious of phishing messages asking for verification codes. Regularly updating the app and being vigilant about suspicious activity also help.

Are these attacks linked to specific Russian government agencies?

While the hackers’ tools and language suggest a Russian origin, authorities have not officially confirmed attribution to specific agencies. The campaign is believed to be state-backed based on operational evidence and previous patterns.

Has any sensitive information been leaked or accessed?

It is not yet clear whether hackers have accessed or leaked data. The campaign appears focused on account hijacking rather than data exfiltration, but investigations are ongoing.

Will Signal be able to prevent future attacks?

While Signal can implement technical defenses and advise users to activate security features, no platform is completely immune. Continued vigilance and user education are essential to mitigate risks.
