Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group. These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe
signal (3)
The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive. An unknown threat actor targeted government entities in Ukraine toward the end of 2023 using an old Microsoft Office remote code execution (RCE) exploit from 2017 (CVE-2017-8570) as the initial vector and military vehicles as the lure.
The threat actor initiated the attack using a malicious PowerPoint file (.PPSX)
The secure messaging service Signal[1] has released the details of a search warrant it received from the Santa Clara, California Police which shows the efforts US law enforcement agencies will go to force online platforms into disclosing the personal information of their users. In the search warrant, the police sought to get the name, street address, telephone number, and email address of a specific Signal user, which is not necessarily unusual. It also wanted billing records, the dates of whe
