Canada’s cyber spy agency says Russian state hackers and proxies are actively targeting governments, the military and businesses in this country as part of its global intelligence operations.
The Canadian Centre for Cyber Security (CCCS) would not say directly whether Canada has been targeted by Russia as part of a recently revealed, large-scale global cyber campaign aimed at Signal and WhatsApp messaging accounts.
According to two Dutch intelligence agencies, Russian state hackers are using phishing techniques to pose as accounts such as “Signal support” in an international campaign aimed at high-profile people to gain access to their messages.
While the CCCS said it can’t comment on specifics, it noted that “Russian cyber threat actors are very likely targeting Canadian government, military, private sector and critical infrastructure networks.”
The two Dutch intelligence agencies issued a warning Monday that Signal and WhatsApp accounts belonging to high-ranking government officials, military personnel, civil servants and journalists around the world are being targeted.
NATO is losing arms race with Russia and China, official says
The Dutch Military Intelligence and Security Service (MIVD) and General Intelligence and Security Service confirmed that accounts in their country had been compromised by Russia’s global cyber campaign.
“The Russian campaign is focused on persuading users to divulge their security verification and pin-codes, allowing the hackers to gain access to the users’ Signal or WhatsApp accounts,” the Dutch agencies said in a statement.
The warning follows a similar one issued last month by Germany. It said unidentified hackers were trying to phish high-profile Signal users in German military and politics.
Once an account has been successfully compromised, the hackers can read incoming messages, including those in chat groups.
Signal is considered one of the most secure messaging platforms in the world. It is commonly used by government officials to communicate with each other and with journalists. It is also one of the main messaging apps for the Ukrainian armed forces.
Signal’s Meredith Whittaker on AI and the tension between privacy and public safety
Hackers have had more success gaining access to WhatsApp, owned by Meta, and its three billion active monthly users. But Signal, which is a non-profit, is known for its unbreakable encryption.
Dutch intelligence said Russia targeted Signal and WhatsApp because of their reputation as being reliable apps that provide end-to-end encryption.
Nonetheless, the head of Dutch’s MIVD said these apps should not be used for exchanging sensitive government and military discussions.
“Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information,” said the director of the MIVD, vice-admiral Peter Reesink.
In a statement to The Globe and Mail, the CCCS said Russian cyber activities are a constant threat to Canada.
“Russia’s unpredictable cyber program routinely challenges existing norms in cyberspace and furthers Moscow’s ambitions to confront and destabilize Canada and our allies,” the CCCS said.
Microsoft accuses Russia’s FSB of targeting foreign embassies in cyber espionage campaign
It said Russia is adept at using “phishing, social engineering and account-compromise attempts to gain access to communications, including messaging applications.”
Dutch intelligence said Russian hackers masquerade as a Signal Support chatbot in order to induce their targets to divulge their codes. The hackers use the codes to take over the user’s account. They also use “linked devices” functions to take over an account.
Signal said in a statement that its encryption functions had not been compromised by Russia.
“These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts,” Signal said in a statement.
“To be clear Signal’s encryption infrastructure have not been compromised and remain robust.”
WhatsApp said users should not share six-digit codes used to secure their account and should block unknown messages or calls.