The FBI and CISA have issued an urgent warning about a sophisticated phishing campaign orchestrated by Russian intelligence services targeting Signal messaging app users. The attackers are specifically pursuing Signal backup recovery keys, which grant them persistent and comprehensive access to victims' entire message histories. What makes this threat particularly insidious is that once hackers obtain a recovery key, they maintain access even after the victim changes phones or devices.

The campaign, attributed to Russian intelligence groups including FSB Border Guards and Russian military operatives tracked as UNC5792 and UNC4221, targets high-value individuals. These include current and former government officials from the US and abroad, military personnel, political figures, journalists, and Ukrainian officials. The broader operation has already compromised thousands of accounts globally, affecting both Signal and WhatsApp users, though the recovery key exploitation technique is unique to Signal.

The attack methodology relies entirely on social engineering rather than breaking Signal's encryption. Hackers pose as Signal support staff, sending convincing messages within the app itself that request backup recovery keys, verification codes, or account PINs. Recent phishing messages masquerade as mandatory two-factor authentication updates or urgent data recovery warnings, manipulating users into enabling backups and surrendering their recovery keys. Earlier versions employed doctored group invite links that secretly linked attackers' devices to victims' accounts.

The critical vulnerability lies not in Signal's encryption or security architecture, but in human trust. Once a recovery key is compromised, attackers can restore account backups, read all private and group messages, and commandeer the account completely. Even creating a new account on the same phone number doesn't revoke the old key's access to future backups. The only remedy is generating a new recovery key through Signal's settings, which invalidates the compromised key prospectively but cannot undo any data already extracted.

Security agencies emphasise that Signal never messages users within the app requesting credentials or recovery information. Any such message should be treated as hostile regardless of how legitimate it appears. The US State Department is offering up to £8 million for information on UNC5792, reflecting the severity of this ongoing threat. This campaign underscores a fundamental security principle: end-to-end encryption protects data in transit, but cannot defend against users who are deceived into voluntarily surrendering their own security credentials.
Original source: https://thenextweb.com/news/fbi-russian-hackers-signal-backup-recovery-key-unc5792
Article generated by LaRebelionBOT