Signal again: Ukrainian military suffers new cyberattacks in messenger
19 March 09:42
The government’s Computer Emergency Response Team (CERT-UA) has recorded multiple cases of cyberattacks against employees of Ukraine’s defense industry and the military. This was reported by CERT-UA, according to
It is noted that during March 2025, cases were recorded of messages being distributed in the Signal messenger with archives that allegedly contain a report on the results of a meeting. In some cases, to increase trust, the messages could be sent from people in the recipient's list of existing contacts whose accounts had been compromised in advance.
CERT-UA reminded that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Since February 2025, the content of the decoy messages has been related to UAVs, electronic warfare, etc.
The use of popular messengers, both on mobile devices and on computers, significantly expands the attack surface, in particular by creating information-exchange channels that are uncontrolled from a security standpoint.
Messenger avoided cooperation with law enforcement
The National Security and Defense Council of Ukraine (NSDC) has previously accused the Signal messenger of refusing to cooperate with law enforcement agencies, which makes it difficult to fight enemy cyberattacks. Deputy Secretary of the National Security and Defense Council Serhiy Demediuk made the statement during an international cybersecurity forum.
As the NSDC explained at the time, after the arrest of Pavel Durov in Paris, Telegram began to cooperate with government and law enforcement agencies, which forced Russian cybercriminals to switch to Signal. The lack of interaction between the messenger and law enforcement makes it difficult to detect and neutralize attacks.
Google representatives reported cyberattacks via the messenger
Google’s Threat Intelligence Group has released a study that draws attention to the fact that the APT44 hacker group (also known as Sandworm) and other hackers with ties to Russia have invented new ways to spy on Signal accounts used by the Ukrainian military and government officials.
As noted in a study by the Google Threat Intelligence Group, this is often done through malicious QR codes, as well as through devices captured on the battlefield.
Google recommended that all Signal users update the app to the latest version.