Summary
Key Points:
- Russian-linked hacking groups UNC5792 and UNC4221 are targeting U.S. officials and journalists through phishing attacks on Signal and WhatsApp, seeking to obtain Signal Backup Recovery Keys.
- Reported impact: the messaging accounts of thousands of individuals have been compromised, giving the attackers access to sensitive conversations and a trusted position from which to launch further phishing attacks.
- Recommended actions include training users to recognize social-engineering lures built around QR codes and device linking, enabling the apps' account-protection features (Signal Registration Lock, WhatsApp two-step verification) alongside any organizational multi-factor authentication, and periodically reviewing each app's Linked Devices list and removing any device the user does not recognize. The linked-devices review matters most: a device the victim linked by scanning an attacker's QR code is a legitimate endpoint, and account-level authentication does not stop a user from linking a device themselves.
Technical Details: The attackers abuse the legitimate device-linking feature of these messaging apps. In both Signal and WhatsApp a new device is linked by scanning a QR code with the phone that owns the account; the attackers lure victims into scanning an attacker-supplied code, which links the account to an attacker-controlled device. From then on the attacker's device receives the victim's messages as a normal endpoint. End-to-end encryption is not broken, it is bypassed: the attacker simply becomes one of the endpoints the encryption delivers to.
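Added example, not code from the article or from Signal or WhatsApp: a small triage script that classifies decoded QR-code or link payloads (for example from a user-reported screenshot or a lure page) and flags the ones that would link a device rather than, say, join a group. It assumes Signal's device-linking QR encodes a URI of the form sgnl://linkdevice?uuid=...&pub_key=... and that group invites use https://signal.group/#...; the parameter names are part of that assumption, and every sample payload is constructed for the example. WhatsApp's QR payload format is not covered.

```python
# Added example (not from the article or from Signal/WhatsApp): triage decoded
# QR-code or link payloads and flag device-linking URIs.
# Assumed formats (assumptions, not stated in the article):
#   - Signal device linking: sgnl://linkdevice?uuid=<ephemeral id>&pub_key=<base64 key>
#   - Signal group invite:   https://signal.group/#<invite token>
# All sample payloads below are constructed for this example.
from urllib.parse import parse_qs, urlsplit

LINK_SCHEME = "sgnl"
LINK_HOST = "linkdevice"
GROUP_INVITE_HOST = "signal.group"


def classify_payload(payload: str) -> dict:
    """Classify one decoded QR/link payload.

    Returns a dict whose 'verdict' is 'device_link', 'group_invite' or 'other'.
    For a device-link payload it also records the fields a responder would
    keep for correlation across reports.
    """
    parts = urlsplit(payload.strip())  # urlsplit lowercases the scheme itself
    scheme = parts.scheme
    host = parts.netloc.lower()

    if scheme == LINK_SCHEME and host == LINK_HOST:
        params = parse_qs(parts.query)
        uuid = params.get("uuid", [None])[0]
        pub_key = params.get("pub_key", [None])[0]
        return {
            "verdict": "device_link",
            # Ephemeral id and public key identify the provisioning session
            # the scanning phone would link to (assumed parameter names).
            "uuid": uuid,
            "pub_key": pub_key,
            # A linking URI missing either field could not complete a link.
            "complete": bool(uuid) and bool(pub_key),
        }
    if scheme in ("http", "https") and host == GROUP_INVITE_HOST:
        return {"verdict": "group_invite"}
    return {"verdict": "other"}


def triage(payloads):
    """Return (payload, classification) pairs for every device-linking payload."""
    flagged = []
    for payload in payloads:
        result = classify_payload(payload)
        if result["verdict"] == "device_link":
            flagged.append((payload, result))
    return flagged


# Constructed samples: a benign-looking group invite, a device-link URI of the
# kind a lure page could present under a "group invite" headline, and an
# unrelated link.
SAMPLES = [
    "https://signal.group/#CjQKIExampleInviteToken",
    "sgnl://linkdevice?uuid=9d1b1e0c-1111-2222-3333-444455556666&pub_key=BQ%3D%3D",
    "https://example.com/security-alert",
]

if __name__ == "__main__":
    for payload, result in triage(SAMPLES):
        print(f"DEVICE-LINK payload: {payload} -> {result}")
```

A device-link verdict means "investigate", not "malicious": a user linking their own desktop client produces exactly the same kind of URI, so the follow-up is to confirm with the user what they scanned and to check the Linked Devices list on their phone.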
MITRE ATT&CK Techniques:
- T1566 - Phishing (Initial Access)
- T1204 - User Execution (Execution)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
IOCs Mentioned: None mentioned