Spyware Attacks Targeting Mobile Messaging

The US DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning concerning malicious cyber actors using commercial spyware programs to target messaging applications.  CISA's alert highlights that various threat actors employ sophisticated targeting and social engineering methods to deliver spyware and gain unauthorized access to users' messaging applications.  This initial access then facilitates the deployment of additional malware, leading to more extensive access to the target's mobile device.[1]

Attackers are using a range of techniques to compromise devices and access messaging services. These include:

  • Sending malicious QR codes that link a victim's phone to an attacker's computer.
  • Deploying 'zero-click' malware, which silently infects target devices without requiring user interaction.
  • Distributing fraudulent applications that impersonate popular messaging services such as Signal and WhatsApp, claiming to be upgraded versions.

CISA reports indicate that these cyber-attacks primarily focus on senior government officials, military leaders, and executives within civil-society organizations.  Public reporting cited by CISA confirms instances of such attacks occurring across the United States, Europe, and the Middle East.

Commercial spyware firms have seen a rise in popularity, particularly among authoritarian governments, owing to their ability to penetrate widely used messaging applications through device-hijacking malware.  Efforts are being made by Western governments and technology companies to limit the proliferation of these tools.

Messaging services represent a prime target for sophisticated hacker groups, especially nation-state actors, due to the significant volume of valuable information they contain.  Encrypted messaging applications, including Signal, are subject to some of the most concentrated attacks.

CISA's warning, which compiles recent reports, suggests an increased concern within the agency regarding the prevalence of advanced attacks on messaging services.  Human rights groups and other civil-society organizations are particularly susceptible to these attacks, often due to their limited security provisions.

See:  https://redskyalliance.org/xindustry/salt-typhoon-hackers

CISA advises organizations to consult its mobile security advisory tailored for civil-society groups. The agency has recently updated this document, which was initially developed in response to espionage activities such as the Chinese government’s "Salt Typhoon" campaign.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.cybersecurityintelligence.com/blog/spyware-attacks-targeting-mobile-messaging-8919.html
