Russian Hackers Hijack Signal App to Spy on Ukrainian Soldiers, Google Warns

Russian hackers have targeted Ukrainian soldiers Signal  accounts, exploiting a vulnerability in the encrypted messaging app, according to Google researchers on February 19.

The hackers are using fake QR codes that mislead users into linking their Signal accounts to devices controlled by the attackers. These fake QR codes take advantage of Signal’s feature, which allows users to sync their accounts across multiple devices.

If successful, this attack would allow the hackers to intercept messages in real-time, providing them with ongoing access to private communications without needing to fully compromise the victim’s device.

Google’s Threat Intelligence Group, led by Dan Black, noted that the breach could compromise sensitive military information. In one instance, a fake Ukrainian Armed Forces webpage directed soldiers to scan a QR code, linking their accounts to Russian-controlled devices.

Black suspects that the Kremlin-backed cyberespionage group Sandworm, known for its previous attacks on Ukrainian energy infrastructure, is behind the operation.

Sandworm operatives have reportedly worked with Russian military forces to exploit Signal on devices captured from the battlefield.

The targeting of encrypted messaging apps, such as Signal, has increased since Russia’s full-scale invasion of Ukraine in 2022, as Moscow sought to undermine Ukrainian military communications.

Viktor Zhora, former deputy head of Ukraine’s State Service for Special Communications, pointed out that the “Qishing” method, phishing via QR codes, has become a common tactic against Ukrainian users, particularly military personnel, who frequently use Signal.

To combat these threats, Google and Signal collaborated on a report, with Signal enhancing the app’s security by adding new features. The updated app now provides clearer notifications when new devices connect to a user’s account, making it easier to identify and remove unauthorized devices.

On January 17, it was reported that a Russian hacking unit called Star Blizzard targeted government ministers and officials worldwide by sending emails inviting them to join WhatsApp user groups and then stealing their account data.