Germany’s leading security organizations have issued a critical alert about an advanced cyber espionage operation targeting senior officials and journalists across Europe. The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) have identified state-sponsored hackers as the culprits, exploiting Signal accounts to monitor private communications.
Targeting High-Ranking Figures
In a statement released on February 6, the agencies outlined that the primary targets include military personnel, diplomats, politicians, and investigative journalists. Unlike conventional cyber attacks that depend on malware or software vulnerabilities, this campaign leverages social engineering to manipulate victims into inadvertently compromising their security.
The “Fake Support” Technique
One of the attack strategies involves hackers masquerading as “Signal Support” or a “Signal Security ChatBot.” These imposters contact users directly within the app, alleging suspicious activity or a data leak on the victim’s device. To resolve the issue, they instruct the user to verify their identity by sending a PIN code.
Once a victim provides this six-digit code, the hackers register the victim’s phone number on a new device controlled by them. This action locks the legitimate user out of their account, allowing attackers to impersonate the victim in subsequent communications.
The Subtle QR Code Intrusion
Another method employed by the hackers is more discreet, enabling them to surveil communications without locking out the user. By concocting a plausible pretext, such as a group invitation or device verification request, attackers trick the victim into scanning a QR code. This code is essentially a device linking request. When scanned, it authorizes the hacker’s device to connect to the victim’s account. This connection permits attackers to silently read new messages and access chat history from the past 45 days.
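The check below is an added example, not code from the agencies' advisory or from Signal: it classifies the text decoded from a QR code so that a device linking request presented as a group invitation can be told apart from a real one. It assumes linking codes decode to a `sgnl://linkdevice` URI and group invitations to an `https://signal.group/` link, neither of which is stated in the article; the function names and sample payloads are constructed for illustration, and it goes one step beyond the text by also catching a linking URI wrapped inside a web link.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed URI forms (not given in the article):
#   device linking   -> sgnl://linkdevice?...
#   group invitation -> https://signal.group/#...


def _is_link_uri(text: str) -> bool:
    """True if text is itself a Signal device-linking URI."""
    try:
        parts = urlsplit(text.strip())
    except ValueError:  # malformed input, e.g. unbalanced IPv6 brackets
        return False
    return parts.scheme == "sgnl" and (parts.hostname or "") == "linkdevice"


def classify_qr_payload(payload: str) -> str:
    """Return 'device-link', 'group-invite' or 'other' for decoded QR text."""
    text = payload.strip()
    if _is_link_uri(text):
        return "device-link"
    try:
        parts = urlsplit(text)
    except ValueError:
        return "other"
    # One level of unwrapping: a linking URI carried in a query parameter
    # or fragment of an ordinary web link. parse_qs percent-decodes values.
    for values in parse_qs(parts.query).values():
        if any(_is_link_uri(v) for v in values):
            return "device-link"
    if _is_link_uri(unquote(parts.fragment)):
        return "device-link"
    if parts.scheme == "https" and (parts.hostname or "") == "signal.group":
        return "group-invite"
    return "other"


if __name__ == "__main__":
    # Constructed sample payloads, not real invitations or linking codes.
    samples = [
        "sgnl://linkdevice?uuid=CONSTRUCTED&pub_key=CONSTRUCTED",
        "https://example.invalid/join?next=sgnl%3A%2F%2Flinkdevice%3Fuuid%3DCONSTRUCTED",
        "https://signal.group/#CONSTRUCTEDINVITE",
    ]
    for s in samples:
        print(classify_qr_payload(s), "<-", s)
```

A "device-link" verdict on a code that was presented as a group invitation or verification step is the mismatch this campaign relies on.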
Authorities suspect a state-sponsored cyber entity is orchestrating these attacks due to the focus on intelligence gathering rather than financial gain. The objective appears to be espionage, including mapping social networks and intercepting sensitive political and military communications.
Since the attack methods utilize legitimate Signal features, they can evade most antivirus software. Security officials strongly advise users to review their “Linked Devices” list in Signal settings and to never share verification PINs, even with accounts claiming to be support staff.