Oh, look! Russian hackers have recently been reported to have the ability to exploit weaknesses in the Signal app. What a strange coincidence!
From last month:
"In a fresh report published Wednesday, Mandiant threat hunter Dan Black warns that several APT groups have perfected the abuse of Signal’s “linked devices” feature that enables the privacy-themed chat and voice messenger to be used on multiple devices concurrently.
By tricking users into scanning malicious QR codes embedded in phishing pages or disguised as group invite links, Mandiant says APT groups linked to the Kremlin are secretly adding their own device as a linked endpoint.
Once this connection is established, every message sent by the user is duplicated to the attacker’s device in real time, effectively bypassing Signal’s heralded end-to-end encryption without having to break the underlying cryptography. The company said Signal’s popularity among common targets of surveillance and espionage activity — military personnel, politicians, journalists and activists — has made the messaging application “a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements.”"
"Russian state-linked hacking groups have snuck into some Ukrainian military staffers' Signal messenger accounts to gain access to sensitive communications, Google said in a report on Wednesday. Moscow-linked groups have found ways to couple victims' accounts to their own devices by abusing the messaging application “linked devices” feature that enables a user to be logged in on multiple devices at the same time.
In some cases, Google has found Russia's notorious, stealthy hacking group Sandworm (or APT44, part of the military intelligence agency GRU), to work with Russian military staff on the front lines to link Signal accounts on devices captured on the battlefield to their own systems, allowing the espionage group to keep tracking the communication channels."



