CISA: Spyware crews breaking into Signal, WhatsApp accounts
Briefly

"The agency says the activity it's seeing suggests an increasing focus on "high-value" individuals - everyone from current and former senior government, military, and political officials to civil society groups across the US, the Middle East, and Europe. In many of the campaigns, attackers delivered spyware first and asked questions later, using the foothold to deploy more payloads and deepen their access."
"CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through the phones of what the agency calls "high-value" users. In an alert published Monday, the US government's cyber agency said it's tracking multiple miscreants that are using a mix of phishing, bogus QR codes, malicious app impersonation, and, in some cases, full-blown zero-click exploits to compromise messaging apps which most people assume are safe."
"The campaigns CISA flags in its bulletin show attackers doing what they do best: sidestepping encryption entirely by spoofing apps, abusing account features, and exploiting the phones underneath them. For example, Google's Threat Intelligence Group in February detailed how multiple Russia-aligned crews, including Sandworm and Turla, attempted to snoop on Signal users by abusing the app's "linked devices" feature. By coaxing victims into scanning a tampered QR code, the operators could quietly add a second, attacker-controlled device to the account. Once paired,"
CISA warned that state-backed groups and cyber-mercenaries are actively abusing commercial spyware to compromise Signal and WhatsApp accounts, hijack devices, and access phones belonging to high-value users. Attackers employ phishing, bogus QR codes, malicious app impersonation, and sometimes zero-click exploits to breach messaging apps. Campaigns focus on current and former senior government, military, and political officials as well as civil society groups across the US, the Middle East, and Europe. Operators often deliver spyware first, then deploy additional payloads to deepen access. Attackers sidestep end-to-end encryption by spoofing apps, abusing account features, and exploiting the underlying mobile devices.
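The linked-devices abuse described above turns on one user action: scanning a QR code that someone else sent. A simple defensive check is to decode the QR payload as text and triage it before letting a messaging app act on it. The following is an added example, not code from CISA, Google or The Register. It assumes that Signal's device-linking QR codes carry a URI of the form `sgnl://linkdevice?uuid=<id>&pub_key=<key>` and that group invites are `https://signal.group/#<token>`; the sample payloads and keys are constructed for illustration.

```python
"""Triage the text decoded from a QR code before scanning it with Signal.

Added example (not CISA's, Google's or The Register's code). Assumed formats:
  device linking:  sgnl://linkdevice?uuid=<id>&pub_key=<key>
  group invite:    https://signal.group/#<token>
Sample payloads below are constructed; the keys are not real.
"""
from urllib.parse import urlsplit, parse_qs

# Constructed payloads, as a user might decode them from a QR image that
# arrived as an "invite" in a chat or e-mail.
SAMPLES = {
    "legit_group_invite": "https://signal.group/#CjQKIAbc123",
    "attacker_link_device": "sgnl://linkdevice?uuid=dGVzdA%3D%3D&pub_key=QUJD",
    "upper_case_scheme": "SGNL://LinkDevice?uuid=abc&pub_key=def",
    "link_device_missing_key": "sgnl://linkdevice?uuid=abc",
    "unrelated": "https://example.com/menu",
}


def classify_qr_payload(payload: str) -> str:
    """Return a coarse verdict for a decoded QR payload.

    LINK_DEVICE           - would pair a new (possibly attacker-owned) device
    LINK_DEVICE_MALFORMED - linking URI missing uuid or pub_key
    GROUP_INVITE          - ordinary signal.group invite link
    SIGNAL_OTHER          - sgnl:// URI that is not device linking
    NOT_SIGNAL            - anything else
    """
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()          # urlsplit lowercases, lower() is defensive
    host = parts.netloc.lower()            # "linkdevice" sits in the authority slot
    if scheme == "sgnl":
        if host == "linkdevice":
            query = parse_qs(parts.query)
            if "uuid" in query and "pub_key" in query:
                return "LINK_DEVICE"
            return "LINK_DEVICE_MALFORMED"
        return "SIGNAL_OTHER"
    if scheme == "https" and host == "signal.group":
        return "GROUP_INVITE"
    return "NOT_SIGNAL"


def is_safe_to_scan(payload: str, user_initiated_linking: bool) -> bool:
    """Policy: a device-linking code is only acceptable when the user is
    deliberately pairing their own desktop right now. A linking code that
    arrived from someone else is exactly the lure the GTIG report describes
    and must never be scanned."""
    verdict = classify_qr_payload(payload)
    if verdict in ("LINK_DEVICE", "LINK_DEVICE_MALFORMED"):
        return user_initiated_linking
    return True


def triage_all(samples: dict) -> dict:
    """Map each sample name to (verdict, safe_when_received_from_third_party)."""
    return {
        name: (classify_qr_payload(p), is_safe_to_scan(p, user_initiated_linking=False))
        for name, p in samples.items()
    }


if __name__ == "__main__":
    for name, (verdict, safe) in triage_all(SAMPLES).items():
        print(f"{name:26s} {verdict:22s} safe_to_scan={safe}")
```

The point of the policy function is that the classification alone is not the decision: a `sgnl://linkdevice` URI is legitimate on the screen of a desktop the user is pairing, and hostile in a message from a stranger. Anything that lands in a chat and resolves to `LINK_DEVICE` should be treated as an attempted account takeover, and the user's existing linked devices reviewed and pruned.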
Read at Theregister