US offers $10 million for information on group behind Signal and WhatsApp hacking spree

Federal authorities are offering a reward of as much as $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees.

The operation has been active since at least March, when the FBI published an advisory warning of ongoing phishing campaigns aimed at high-value targets by attackers linked to Russian intelligence services. Messages masquerading as automated support communications ask that users click a link or provide verification codes or account passcodes. If the user complies, they unknowingly link the attacker’s device to their account or have their account completely taken over and are locked out.

Hundreds of accounts already compromised

With that, the attackers can read any recent messages sent to the compromised account. A security feature built into Signal, however, prevents the attackers from reading any previous conversations. The messages are sent to “individuals of high intelligence value, such as current and former US government officials, military personnel, political figures, and journalists.”

Last week, the FBI published an update that said the campaign had evolved. In addition to posing as support bots to trick recipients into linking their account to an attacker device, the messages also urge users to create a backup of all previous communications following the directions here. A follow-up message then instructs the targets to send the long passcode that’s used to encrypt backups stored on Signal servers. With that, the attackers have access to past Signal conversations. The update said the two Russian government groups responsible were tracked as UNC5792 and UNC4221.

One message has text like this:

Signal is here

Recently, attempts to hack users of our messenger with the connection of third-party devices to the account have become more frequent.

An investigation conducted jointly with the US government and European partners revealed that the attacks on accounts were carried out by hackers from Iran and post-Soviet countries.

In this regard, Signal updates Terms of Service & Privacy Policy, and introduces Mandatory Two-factor Verification for users.

To not lose your messages and media, arrange your Signal Backup (Settings -> Backups -> Enable backups -> View recovery key -> Copy to clipboard -> Next -> Enter the recovery key -> Next -> Proceed -> Select your backup plan).

Click the “Accept” button within the pop-up and stay tuned for security updates on our messenger.

Stay protected and thanks for using essentially the most secure messenger with end-to-end encryption.

If you have got any questions, send /help

Other text looks like this:
