Russian military hackers have set their sights on Signal, the encrypted messaging app recently embroiled in a White House security scandal, according to new findings from Google researchers. The targeting raises fresh concerns about the safety of classified U.S. communications.
The Russian Hacking Operation
Google's investigation revealed that APT44, a cyber unit linked to Russia's GRU military intelligence agency, exploited Signal's "linked devices" feature to breach Ukrainian accounts. The hacking group, also known as Sandworm, used fake QR codes that mimicked legitimate Signal features. When scanned, these malicious codes linked the victim's account to a device the hackers controlled, giving them backdoor access to messages without breaking the app's encryption.
White House Security Breach
The revelations come in the wake of a major security incident where Trump administration officials, including Defense Secretary Pete Hegseth and Vice President JD Vance, accidentally added The Atlantic's editor Jeffrey Goldberg to a Signal group chat discussing classified military strikes in Yemen. The chat contained sensitive operational details about bombing plans, with some messages set to auto-delete after specific timeframes.
Security Updates and Implications
Signal has responded by implementing enhanced security measures, including new warnings for device linking attempts. However, cybersecurity experts warn that Signal's reputation as a secure platform makes it an attractive target for state-sponsored hackers.
While no direct connection has been established between the Russian hacking campaign and the White House group chat leak, the incidents highlight the risks of using consumer apps for sensitive government communications. The group chat leak has sparked bipartisan concerns about communication protocols within high-level government circles.
Broader Threats
Google researcher Dan Black warns that similar QR code tactics could spread to other messaging platforms, leaving high-risk users like politicians and journalists particularly exposed. The combination of sophisticated state-backed hacking operations and inadequate communication security protocols presents a growing challenge for U.S. national security.