A spyware investigator exposed Russian government hackers trying to hijack Signal accounts - BERITAJA
By: Albert Michael - Thursday, 14 May 2026 21:07:40 • 4 min read
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts - BERITAJA is one of the most discussed topics today. In this article, you will find a clear explanation, key facts, and the latest updates related to this topic, presented in a concise and easy-to-understand way. Read more news on Beritaja.
Earlier this year, Donncha Ó Cearbhaill, a information interrogator who investigates spyware attacks, recovered himself successful an different position. For once, he became the target of hackers.
“Dear User, this is Signal Security Support ChatBot. We person noticed suspicious activity connected your device, which could person led to information leak,” publication a connection he received connected his Signal account.
“We person besides detected attempts to summation entree to your backstage information successful Signal,” the connection claimed.
“To forestall this, you person to walk verification procedure, entering the verification codification to Signal Security Support Chatbot. DON’T TELL ANYONE THE CODE, NOT EVEN SIGNAL EMPLOYEES.”
Obviously, Ó Cearbhaill, who heads Amnesty International’s Security Lab, instantly recognized that this was an “unwise” effort astatine hacking his Signal account. Instead, he thought it’d beryllium a bully opportunity to jump into an unexpected investigation.
The interrogator told TechCrunch that until then, he had “never knowingly” been targeted pinch a one-click cyberattack aliases a phishing effort for illustration this before.
“Having the onslaught onshore successful my inbox, and the chance to move the tables connected the attackers and understand much about the run was excessively bully to walk up,” he said.
As it turned out, the attempted onslaught connected Ó Cearbhaill was apt portion of a wider hacking run targeting a ample group of Signal users. The hackers’ strategies were to impersonate Signal, pass of bogus information threats, and effort to instrumentality targets into giving the hackers entree to their relationship by linking it to a instrumentality controlled by the hackers.
Those techniques were precisely the aforesaid arsenic those seen successful a wider run that the U.S. cybersecurity agency CISA, the United Kingdom's cybersecurity agency, and Dutch intelligence, person each warned of the attacks, and blamed connected Russian authorities spies. Signal, too, has warned of phishing attacks targeting its users. German news mag Der Spiegel found that the Russian hackers were capable to discuss respective group wrong the country, including high-profile politicians.
Ó Cearbhaill said successful a bid of online posts that he was capable to fig retired that he was 1 of much than 13,500 targets. He declined to uncover precisely really he investigated the hacking effort and run to debar revealing his manus to the hackers, but shared a fewer specifications about what he learned.
A screenshot of the phishing onslaught that targeted donncha Ó Cearbhaill, a information interrogator astatine Amnesty International. (Image: DONNCHA Ó Cearbhail)Image Credits:Donncha Ó CearbhaillFirst, he realized that different targets included journalists he had worked with, arsenic good arsenic a colleague. At that point, Ó Cearbhaill said he already suspected this was an opportunistic onslaught wherever hackers compromised targets and identified caller imaginable victims, acknowledgment to those successful attacks.
Ó Cearbhaill called it a “snowball hypothesis,” and said he is convinced he became a target because he was apt successful a group chat pinch personification who sewage hacked, which gave the hackers a chance to find the interaction accusation of caller targets.
The interrogator said he was capable to place the strategy the hackers were using, which is called “ApocalypseZ,” which automates the attack, allowing the hackers to target galore group astatine the aforesaid clip successful bulk pinch constricted quality oversight.
He besides recovered that the codebase and usability interface is successful Russian, and the hackers were translating unfortunate chats into Russian, which lines up pinch the presumption that this was the aforesaid Russian authorities hacking group down akin campaigns.
Ó Cearbhaill said that he’s still monitoring the campaign, and has seen the attacks continue, meaning the full number of targets is surely overmuch higher than the number he saw earlier this year.
He said he doubts the hackers will spell aft him again, and about apt regret going aft him successful the first place. He said: “I invited early messages, particularly if they person zero-days they would for illustration to share," referring to security flaws that are not yet known to the vendor, which are often utilized successful attacks that he investigates.
Ó Cearbhaill said that if Signal users are worried about getting targeted pinch this type of attack, they should move connected Registration Lock, a characteristic that lets users group a PIN for their relationship that prevents others from registering their telephone number connected a different device.
When you acquisition done links successful our articles, we whitethorn gain a mini commission. This doesn’t impact our editorial independence.
Related News
Subscribe
This article discusses A spyware investigator exposed Russian government hackers trying to hijack Signal accounts - BERITAJA in detail, including key facts, recent developments, and important insights that readers are actively searching for online.
