TL;DR

A cybersecurity researcher exposed a Russian hacking campaign targeting Signal users, including high-profile individuals. The hackers used phishing tactics and automated tools, impacting over 13,500 targets. The investigation is ongoing.

A cybersecurity researcher has revealed that Russian government hackers are actively targeting Signal users in a large-scale campaign designed to hijack accounts through phishing attacks and automated tools. This development highlights ongoing espionage efforts by state-sponsored actors and raises concerns about digital security for users worldwide.

The researcher, Donncha Ó Cearbhaill, an expert in spyware investigations and head of Amnesty International’s Security Lab, identified that the hackers employed a tool called ‘ApocalypseZ’ to automate targeted attacks on Signal users. The campaign has reportedly affected more than 13,500 individuals, including journalists, politicians, and other high-profile figures, according to Ó Cearbhaill’s findings.

Ó Cearbhaill discovered that the hackers’ codebase and operational interface are in Russian, and that they translated victim chats into Russian, strongly suggesting Russian government involvement. The hackers attempted to impersonate Signal’s support system, warning users of fake security threats and urging them to hand over verification codes, which would give the hackers access to their accounts.

He noted that the attack likely originated from a compromised contact in a group chat, which allowed the hackers to identify new targets. The hackers’ infrastructure, including the ‘ApocalypseZ’ tool, enables bulk targeting with limited human oversight, making the campaign highly scalable and persistent. Ó Cearbhaill has continued monitoring the campaign, which remains active, indicating the number of targets is still growing.

Why It Matters

This revelation underscores the ongoing cyber espionage efforts by Russian state actors, emphasizing the vulnerability of encrypted messaging platforms like Signal. The campaign’s scale and sophistication demonstrate the persistent threat posed by nation-state hackers to political, journalistic, and civil society figures. It also raises concerns about the safety of digital communication channels used by individuals and organizations worldwide, especially in sensitive political contexts.

Background

Earlier this year, multiple Western cybersecurity agencies, including CISA, the UK’s cybersecurity agency, and Dutch intelligence, issued warnings about Russian hacking groups targeting Signal and other secure messaging platforms. German media reported that Russian hackers had compromised several high-profile figures within Germany, linking the activity to broader geopolitical espionage campaigns. Signal has previously warned its users about targeted phishing attacks, but this campaign marks a significant escalation in scale and technical complexity.

“The hackers are using automated tools like ApocalypseZ to target thousands of users simultaneously, which suggests a state-sponsored campaign with significant resources.”

— Donncha Ó Cearbhaill

“This campaign demonstrates the persistent threat Russian hackers pose to encrypted messaging platforms, and the need for users to adopt additional security measures.”

— An unnamed cybersecurity official involved in the investigation

What Remains Unclear

While the investigation links the campaign to Russian state actors, direct attribution remains complex, and the full extent of the operation is still being assessed. It is also unclear whether the hackers have successfully hijacked any high-profile accounts or if they have exploited specific vulnerabilities in Signal itself.

What’s Next

Ó Cearbhaill and cybersecurity agencies plan to continue monitoring the campaign, with efforts focused on identifying additional targets and vulnerabilities. Signal has advised users to enable features like Registration Lock and to remain vigilant against phishing attempts. Further investigations may reveal more about the hackers’ infrastructure and possible countermeasures.

Key Questions

How do the hackers attempt to hijack Signal accounts?

The hackers use phishing messages that impersonate Signal support, prompting targets to hand over verification codes, which the hackers then use to gain account access.

What is ApocalypseZ?

ApocalypseZ is an automated tool used by the hackers to target large groups of Signal users simultaneously, enabling bulk phishing attacks with limited human oversight.

Are Signal users safe from such attacks?

Users can enhance their security by enabling features like Registration Lock and being cautious of suspicious messages. However, sophisticated campaigns like this highlight the importance of ongoing vigilance.

Has Signal been directly compromised?

There is no evidence that Signal’s core infrastructure has been compromised. The attacks target individual users through social engineering and phishing tactics.
