Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative journalists and U.S. government employees.
The operation has been active since at least March, when the FBI released an advisory warning of ongoing phishing campaigns targeting high-value targets by attackers associated with Russian intelligence services. Messages posing as automated support communications ask users to click a link or provide verification codes or account passwords. Should the user comply, they unknowingly link the attacker’s device to their account or their account is completely taken over and locked.
Thousands of accounts already compromised
With that, attackers can read any new messages sent to the compromised account. However, a security feature built into Signal prevents attackers from reading past conversations. The messages are sent to “individuals of high intelligence value, such as current and former US government officials, military personnel, political figures and journalists.”
Last week, the FBI released an update that said the campaign had evolved. In addition to posing as support bots attempting to trick recipients into linking their account to an attacking device, the messages also urge users to create a backup of all previous communications by following the instructions here. A follow-up message then instructs targets to send the long passcode used to encrypt backups stored on Signal servers. With that, attackers have access to past Signal conversations. The update said that two Russian government groups responsible are tracked as UNC5792 and UNC4221.
A message has text similar to this:
The sign is here.
Recently, attempts to hack our Messenger users by connecting third-party devices to the account have become more frequent.
An investigation conducted jointly with the US government and European partners revealed that the attacks on the accounts were carried out by hackers from Iran and post-Soviet countries.
In this sense, Signal updates the Terms of Service and Privacy Policy and introduces mandatory two-factor verification for users.
To avoid losing your messages and media, set up your Signal Backup (Settings -> Backups -> Enable backups -> View recovery key -> Copy to clipboard -> Next -> Enter recovery key -> Next -> Continue -> Choose your backup plan).
Click the “OK” button on the pop-up window and stay tuned for security updates on our Messenger.
Stay safe and thank you for using the most secure messenger with end-to-end encryption.
If you have any questions send /help
Another text looks like this:






