A spyware researcher has uncovered Russian government hackers trying to hack into Signal accounts

Earlier this year, Donncha Ó Cearbhaill, a security researcher who investigates espionage, found himself in an unusual situation. For a time, he became the target of criminals.

“Dear User, this is Signal Security Support ChatBot. We have seen suspicious activity on your device, which could have resulted in data loss,” read the message he received on his Signal account.

“We have also detected attempts to access your privacy in Signal,” the message said.

“To avoid this, you must go through the verification process, and enter the verification code into the Signal Security Support Chatbot. DO NOT TELL ANYONE, BUT THE USER OF THE NAME.”

Of course, Ó Cearbhaill, who heads Amnesty International’s Security Lab, immediately recognized that this was a “senseless” attempt to hack his Signal account. Instead, he thought it would be a good opportunity to jump into an unexpected investigation.

The researcher told TechCrunch that until then, he “didn’t know at all” a one click on a cyberattack or attempted fraud like this in the past.

“Having those shows in my inbox, and the opportunity to open up to the attackers and understand more about the campaign was too good to pass up,” he said.

As it turned out, Ó Cearbhaill’s attempted attack may have been part of a massive phishing campaign targeting a large group of Signal users. The hackers’ tactics included impersonating Signal, false security alerts, and trying to trick targets into giving hackers access to their accounts by connecting to a device the hackers are targeting.

These methods were exactly the same as those seen in the main campaign that a The US cybersecurity agency CISAand A cybersecurity organization in the United Kingdomand Dutch intelligence both have warned and accused them of spying for the Russian government. Signal, too warned against deception targeting users. German magazine He found a mirror that Russian hackers were able to compromise several people within the country, including prominent politicians.

From Carball he said in an online blog post that he was able to identify that he was one of over 13,500 targets. He declined to reveal exactly how he investigated the attempted theft and campaign to keep his hands off the hackers, but he did share details of what he learned.

First, Ó Cearbhaill realized that some of the targets included journalists he worked with, as well as a friend. At the time, he said he already suspected that this was a opportunistic attack where hackers compromised their targets and identified potential victims, due to the fact that they were successful.

Ó Cearbhaill called it a “snowball phenomenon” and said he believed he was targeted because he may have been in a social group with the victim, which gave the hackers an opportunity to get information about their targets.

The researcher said that he was able to identify the system used by hackers, which is called “ApocalypseZ,” which uses the attack, which allows hackers to destroy many people at the same time in large quantities with little human supervision.

They also discovered that the codebase and operating system are in Russian, and that the hackers translated victim chats into Russian, which supports the idea that this was the same Russian government group cracking down on a similar campaign.

Ó Cearbhaill said he is still monitoring the campaign and has seen the protests continue, meaning the overall numbers are significantly higher than what he saw earlier this year.

He said he doubted the vandals would follow him and would probably regret following him in the first place. He said: “I welcome messages from the future, especially if they have zero dates that they would like to share,” referring to security flaws which is not yet known to the seller, which is often used to refute the search results.

Ó Cearbhaill said that if Signal users are worried about experiencing this type of situation, they should turn it on. Lock Registrationa feature that allows users to set a PIN for their account that prevents others from registering their phone number on other devices.