- Dutch intelligence warns of Russian cyber-espionage efforts
- Hackers target Signal and WhatsApp via social engineering
- Campaign likely already yielded sensitive information
The General Intelligence and Security Service (AIVD), the Netherlands’ primary civilian intelligence and security agency, has warned of a major ongoing cyber-espionage campaign by Russian spies.
In a security advisory, AIVD said it had seen Russian state-sponsored hackers engaging in a “large-scale global cyber campaign” targeting dignitaries, military personnel, and civil servants, including Dutch government employees.
Other high-value individuals, such as journalists could also be targeted, it was said.
Article continues below
Intel already taken
The strategy is social engineering, and the goal is to gain access to their targets’ Signal and WhatsApp accounts.
Instead of looking for software vulnerabilities, the crooks are trying to persuade their victims into sharing security verification- and pincodes. The two most common approaches are either to spoof the Signal Support chatbot, or to try and take advantage of the “linked devices” function.
This function lets multiple devices be connected to the same account, allowing the spies to read the conversations without alerting the victims in any way.
AIVD believes the campaign is already a success: “The Russian hackers likely gained access to sensitive information through this campaign,” it said, although it did not detail if they accessed it from Dutch targets or someone else entirely.
In the advisory, AIVD also says the Russians are most likely interested in Signal and WhatsApp because of their good reputation.
“Signal is renowned as a reliable and independent communication channel which offers end-to-end encryption. This makes it an attractive channel for use within governments wishing to protect their internal communication. It also makes it the ideal place for malicious actors to try to capture sensitive information.”
That’s why MIVD Director, vice-admiral Peter Reesink, advises against using these tools for classified, confidential, or sensitive information sharing. We would add that it would be wise not to share access to your apps with anyone, especially if you’re in a sensitive position.
Via The Register
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/zjaJ25xrgFNLKEHr8bjVcY-2560-80.jpg
Source link
