Malicious cyber actors are targeting messaging apps using commercial spyware programs, the Cybersecurity and Infrastructure Security Agency warned on Monday.
Multiple threat actors have used “sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app,” which then lets them deploy additional malware and acquire deeper access to the target’s phone, CISA said in an alert.
The threat actors have used multiple techniques, including sending their victims QR codes that pair the victim’s phone with the attacker’s computer, deploying zero-click malware that silently infects target devices, and distributing apps that fraudulently claim to upgrade popular messaging services such as Signal and WhatsApp.
Hackers are focused on senior government officials, military leaders and executives at civil-society organizations, CISA said, citing public reporting that showed attacks in the U.S., Europe and the Middle East.
Commercial spyware firms have become increasingly popular, especially among authoritarian governments, because of their prowess in penetrating widely used messaging apps through device-hijacking malware. Western governments and technology companies have tried to limit the spread of these tools with sanctions and litigation.
High-value targets
Messaging services have become a top target for advanced hacker groups, especially nation-state actors, because of the wealth of valuable information they store. Encrypted messaging apps such as Signal face some of the most intense attacks because of their use in sensitive environments.
CISA’s warning, which collects recent news reports and threat research, suggests that the agency has grown more worried about the prevalence of sophisticated attacks on messaging services.
Human-rights groups and other civil-society organizations are particularly vulnerable to these attacks because of their meager security resources.
CISA advised organizations to consult its mobile communications security guidance and its security advisory for civil-society groups. It recently updated the former document — originally crafted in response to the Chinese government’s Salt Typhoon espionage campaign — to reflect a wider range of targets and to include more recommendations.
