IT security experts from Amnesty International’s Security Lab have uncovered a sophisticated phishing tool linked to presumed Russian state-sponsored hackers, which is currently targeting users of the messaging service Signal.
The attack tool, named “Apocalypse Z” and programmed in Russian, works by sending users deceptive messages mimicking “Signal Support”. These messages trick recipients into entering personal data or scanning a QR code. Expert analysis shows that successful attacks allow the criminals to gain access to the user’s chats or even completely take over the Signal account. Leading human rights organization Donncha Ó Cearbhaill, head of the lab, revealed that the sheer scope of the campaign is significantly larger than previously understood.
In January alone, Amnesty experts observed a database containing over 13,700 mobile numbers belonging to potential victims. Of particular concern are the widely reported incidents involving high-profile German figures, including Bundestag President Julia Klöckner (CDU), and Federal Ministers Karin Prien (CDU) and Verena Hubertz (SPD). Analysis of the malicious software found in the attack also indicated that many of the phishing messages were dispatched using Polish and Dutch numbers.
Ó Cearbhaill, who himself received one of the phishing attempts, strongly dismissed calls from some quarters-including those advocating for a ban on Signal for government use-as unwarranted. He emphasized that Signal continues to offer excellent security, arguing that the threat of falling victim to such sophisticated attacks is equally high with other messaging services.