Hacker groups with links to the Kremlin have been targeting users of the Signal messaging app in Estonia and globally, attempting to gain access to their accounts.
Signal is a messaging app that, according to the Estonian Information System Authority (RIA), is popular mainly due to its strong encryption and minimal data collection, which is strictly limited to what is essential for communication and remains anonymous.
In a recent blog post, RIA warned that while Signal remains a secure platform, cybercriminals are actively trying to compromise accounts globally. The attackers are exploiting a Signal feature that allows multiple devices to be linked to a single account.
The attackers typically send friend requests, attempt to initiate contact, and distribute phishing links or QR codes designed to link the victim's account to the hacker’s device.
Google’s Threat Intelligence Group reported a broader wave of these attacks in a recent security bulletin.
The primary aim appears to be tracking the locations of Signal users or collecting sensitive work-related information. Signal is widely used by Estonian government agencies, and according to the Police and Border Guard Board, many employees of public authorities have received similar phishing attempts.
Priit Põdra from the Police and Border Guard Board's information security unit confirmed that some employees of the agency received messages from unknown senders containing either a brief message or a QR code. Fortunately, none of them scanned the QR codes, and the hackers failed to breach any accounts, so no harm was done.
Politico reported that the attacks are being carried out by hacker groups linked to Russian authorities, primarily targeting Signal users on the Ukrainian front. Some Ukrainian soldiers' Signal accounts have already been compromised, allowing attackers to intercept sensitive military communications.