Abuse of Spyware on Signal and WhatsApp Targeting U.S. Officials


Cyber Advisory Highlights Exploitation of Linked Devices in Monitoring Sensitive Communications


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about cyber threat actors targeting current and former high-ranking government officials, military personnel, and political figures. These actors are employing commercial spyware to illicitly access messaging applications like Signal and WhatsApp.

According to a recent advisory, multiple cyber threat actors are using advanced social engineering and targeting techniques to deploy spyware and gain unauthorized access to their victims’ accounts and devices. The alert highlights phishing schemes, malicious QR codes for device linking, and zero-click exploits, which can activate without user interaction, as methods of infiltration. In some cases, perpetrators have been seen impersonating trusted messaging platforms.

This warning follows the “SignalGate” incident during the Trump administration, in which sensitive discussions were revealed in a poorly managed Signal chat that inadvertently included a reporter. This incident raised significant security concerns regarding the use of commercial devices for classified communications, particularly given their vulnerability to hacking (see: TeleMessage Goes Dark After Trump Adviser Photo Fallout).

CISA’s alert indicates a concentrated offensive against high-value targets, including senior officials and civil society organizations across the U.S., Europe, and the Middle East. The agency emphasized three primary attack methods: phishing and malicious QR codes designed to link victim accounts to the attackers’ systems, zero-click exploits that require no user engagement, and impersonation of popular messaging applications.

Recent findings from Google research highlighted how Russian-aligned espionage groups have exploited Signal’s linked devices feature by manipulating victims into scanning harmful QR codes, thereby granting attackers continuous access to their accounts. This approach allows ongoing communication surveillance without needing to compromise the victim’s primary device.

Additionally, the advisory pointed to a troubling trend where attackers are increasingly deploying counterfeit messaging applications rather than relying solely on phishing tactics. Reports have revealed instances where Android spyware masquerades as Signal to target users in the United Arab Emirates, effectively extracting chat backups, files, media, and contact information from compromised devices.

This warning arrives amid a broader crackdown on commercial spyware, exemplified by a recent ruling from a U.S. federal court that prohibits major spyware provider NSO Group from utilizing WhatsApp to target users. A representative from Meta, which owns WhatsApp, termed NSO a “notorious foreign spyware merchant,” celebrating the ruling as a positive development for privacy and cybersecurity (see: US Court Blocks Spyware Maker NSO Over WhatsApp Hack).
