Russian-backed hackers have gained access to Signal and WhatsApp accounts used by officials, military personnel and journalists, as claimed by two intelligence agencies in the Netherlands.
(www.reuters.com)
from cm0002@libretechni.ca to cybersecurity@infosec.pub on 09 Mar 16:22
https://libretechni.ca/post/1016056
from cm0002@libretechni.ca to cybersecurity@infosec.pub on 09 Mar 16:22
https://libretechni.ca/post/1016056
threaded - newest
Hmm… quite a bit of issues in this statement. I wonder what they were instructed to use internally instead.
You are only allowed to talk to yourself in a vaccum.
Classic phishing. Secure channels are only as good as the gate and key handling surrounding them.
For official org-based accounts like that, I could imagine a messaging system where you can only see and share security codes with a second-person factor. If the user wants to access it, at least another authorized trained person must take part, acknowledge, and authorize the action. As long as users can access key information relatively easily, they are phishable.
It’s a phishing attack but I’m still going to link simplex for people looking for something more secure than signal running on google cloud.
simplex.chat