Federal authorities are offering a reward of up to $10 million for information leading to the identity or location of a Russian state cyber group that hacked thousands of Signal and WhatsApp accounts belonging to investigative journalists and US government employees.
The operation has been active since at least March, when the FBI released information advice Warning of ongoing phishing campaigns targeting high-value targets by attackers linked to Russian intelligence services. Messages masquerading as automated support communications ask users to click a link or provide verification codes or account passwords. If the user does so, they unknowingly link the attacker’s device to their account or have their account hijacked and blocked entirely.
Thousands of accounts have already been stolen
With this, attackers can read any new messages sent to the stolen account. A security feature built into Alarm prevents intruders from reading any previous conversations. The messages are directed to “individuals of high intelligence value, such as current and former US government officials, military personnel, political figures, and journalists.”
Last week, the FBI released a report update that said, the campaign is evolving. In addition to attempting to trick recipients into posting as support bots trying to link their accounts to the attacker’s device, the messages also urge users to back up all previous communications by following the instructions here. A follow-up message then instructs the targets to send the long password used to encrypt the backups stored on the Signal servers. By doing so, attackers gain access to past Signal conversations. The update said the two Russian government groups responsible were traced to UNC5792 and UNC4221.
One message contains text like this:
The signal is here
Recently, attempts to hack users of our messenger by connecting third-party devices to the account are happening more often.
As a result of a joint investigation with the US government and European partners, it became clear that the attacks on the accounts were carried out by hackers from Iran and post-Soviet countries.
In this regard, Signal is updating its Terms of Service and Privacy Policy and introducing Mandatory Two-Factor Authentication for users.
To avoid losing your messages and media, set up your Signal Backup (Settings -> Backups -> Enable backups -> View recovery key -> Copy to clipboard -> Next -> Enter recovery key -> Next -> Continue -> Choose your backup plan).
In the window that opens, click “I accept” and follow us for security updates on our messenger.
Stay safe and thank you for using the most secure messenger with end-to-end encryption.
If you have any questions please post / help
Other text looks like this:
