NCSC warns people at high risk of social engineering attacks on Signal and WhatsApp | Computer Weekly

High-risk individuals are encouraged to take steps to reduce their exposure to social engineering attacks against encrypted messaging apps, including Signal, WhatsApp and Facebook Messenger.

The UK’s National Cyber Security Centre (NCSC), part of GCHQ, has warned that politicians, academics, journalists and lawyers are at high risk of social engineering attacks by state-sponsored hackers trying to gain access to messaging services.

Government officials have also been targeted by China, Russia’s Federal Security Service (FSB) – which hacked the former MI6 chief’s secret emails – and Iran’s Islamic Revolutionary Guard Corps (IRGC).

The NCSC alert follows warnings from Google’s Threat Intelligence Group in February that Russian government-backed groups are making aggressive efforts to target the Signal accounts of people of interest to Russian intelligence services.

Phishing teams used social engineering techniques to trick vulnerable people into connecting their Signal or other messaging accounts to devices controlled by criminals, allowing the criminals to read messages sent and received by the target.

Techniques include trying to trick victims into sharing login or account recovery messages, prompting people to join group chats, impersonating someone known to the victim, or sending malicious links or QR codes.

Journalists are targeted

Journalists working on serious stories using Signal’s messaging services were faced with phishing emails in late January.

Stefania Maurizi, an Italian investigative journalist, told Computer Weekly that she was working on an investigation into the operations of the US Immigration and Customs Enforcement (ICE), the Israeli Defense Forces and the Italian police when she received a phishing message claiming to be an update to Signal.

“Having worked on WikiLeaks for more than a decade and on the Snowden files, I realized very well what a target journalists are,” she said. Checks revealed that there was no Signal app available for her phone.

Maurizi was sent a second phishing message a few days later from a second phone, claiming to be from “Signal’s security support chatbot”, a non-existent service.

The phishing message was received by Stefania Maurizi

Russian attackers abused Signal’s “connected devices” feature, which enables Signal to be used on multiple devices at the same time, by sending victims malicious QR codes masquerading as legitimate messages.

If the attacks are successful, future messages will be sent simultaneously to the victim and the attacker, allowing the attacker to eavesdrop on secure conversations without compromising the victim’s device.

The NCSC advises vulnerable people not to share sensitive information through messaging apps, which may be difficult for some users, and to use two-step authentication on Signal and passkeys.

It also recommends regularly checking the settings for the devices associated with the messaging account, checking the members of discussion groups and removing or verifying any unknown participants, and using disappearing messages.

FSB swindled Brexit supporters

Computer Weekly revealed in 2022 that a Russian group linked to the FSB, known variously as Coldriver, Seaborgium, Callisto and Star Blizzard, hacked the emails and documents of the former head of MI6 and other members of a network campaigning for a hard Brexit. The gang also carried out attacks against journalists, MPs and UK NGOs.

Academics from the universities of Bristol, Cambridge and Edinburgh, including the late Ross Anderson, a professor of security engineering, first published a warning in 2023 that the desktop versions of Signal and WhatsApp could be compromised if accessed by a border guard or a malicious actor, enabling them to read all incoming messages.

Last year, Microsoft warned that a Russian-linked group called Storm-2372 was targeting victims on WhatsApp, Signal and Microsoft Teams, establishing friendships before sending them invitations to online events or meetings via phishing emails.
