Signal

Russian state-associated hacker groups targeted the encrypted messaging service Signal using a sophisticated QR code phishing technique, compromising the privacy of Ukrainian users including military personnel. Exploiting legitimate features, the attackers sent phishing messages that tricked victims into scanning malicious QR codes, which linked their devices to ones controlled by the attackers. This breach allowed eavesdroppers to receive a real-time copy of every message sent or received by the victim. Google's threat intelligence team identified the issue, leading Signal to implement an update enhancing security measures such as additional user confirmation and biometric authentication to thwart this espionage tactic.

Source: https://www.wired.com/story/russia-signal-qr-code-phishing-attack/

TPRM report: https://scoringcyber.rankiteo.com/company/signal-peak-ventures

"id": "sig000022025",
"linkid": "signal-peak-ventures",
"type": "Cyber Attack",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Ukrainian users including '
                                              'military personnel',
                        'industry': 'Technology',
                        'name': 'Signal',
                        'type': 'Messaging Service'}],
 'attack_vector': 'QR code phishing',
 'data_breach': {'data_exfiltration': 'Real-time copy of every message',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Messages sent or received by the '
                                             'victim'},
 'description': 'Russian state-associated hacker groups targeted the encrypted '
                'messaging service Signal using a sophisticated QR code '
                'phishing technique, compromising the privacy of Ukrainian '
                'users including military personnel. Exploiting legitimate '
                'features, the attackers sent phishing messages that tricked '
                'victims into scanning malicious QR codes, which linked their '
                'devices to ones controlled by the attackers. This breach '
                'allowed eavesdroppers to receive a real-time copy of every '
                "message sent or received by the victim. Google's threat "
                'intelligence team identified the issue, leading Signal to '
                'implement an update enhancing security measures such as '
                'additional user confirmation and biometric authentication to '
                'thwart this espionage tactic.',
 'impact': {'data_compromised': 'Real-time copy of every message sent or '
                                'received by the victim',
            'systems_affected': 'Signal messaging service'},
 'initial_access_broker': {'entry_point': 'QR code phishing',
                           'high_value_targets': 'Ukrainian military '
                                                 'personnel'},
 'motivation': 'Espionage',
 'post_incident_analysis': {'corrective_actions': 'Implemented an update '
                                                  'enhancing security measures '
                                                  'such as additional user '
                                                  'confirmation and biometric '
                                                  'authentication',
                            'root_causes': 'Exploiting legitimate features of '
                                           'Signal'},
 'response': {'remediation_measures': 'Implemented an update enhancing '
                                      'security measures such as additional '
                                      'user confirmation and biometric '
                                      'authentication',
              'third_party_assistance': "Google's threat intelligence team"},
 'threat_actor': 'Russian state-associated hacker groups',
 'title': 'Russian Hacker Groups Target Signal Users with QR Code Phishing',
 'type': 'Phishing',
 'vulnerability_exploited': 'Legitimate features of Signal'}