Earlier this year, Donncha Ó Cearbhaill, a security researcher who investigates spyware attacks, found himself in an unusual position. For once, he became the target of hackers.
“Dear User, this is Signal Security Support ChatBot. We have noticed suspicious activity on your device, which could have led to data leak,” read a message he received on his Signal account.
“We have also detected attempts to gain access to your private data in Signal,” the message claimed.
“To prevent this, you have to pass verification procedure, entering the verification code to Signal Security Support Chatbot. DON’T TELL ANYONE THE CODE, NOT EVEN SIGNAL EMPLOYEES.”
Obviously, Ó Cearbhaill, who heads Amnesty International’s Security Lab, immediately recognized that this was an “unwise” attempt at hacking his Signal account. Instead, he thought it’d be a good opportunity to jump into an unexpected investigation.
The researcher told TechCrunch that until then, he had “never knowingly” been targeted with a one-click cyberattack or a phishing attempt like this.
“Having the attack land in my inbox, and the chance to turn the tables on the attackers and understand more about the campaign was too good to pass up,” he said.
As it turned out, the attempted attack on Ó Cearbhaill was likely part of a wider hacking campaign targeting a large group of Signal users. The hackers’ strategies were to impersonate Signal, warn of bogus security threats, and try to trick targets into giving the hackers access to their account by linking it to a device controlled by the hackers.
Those techniques were exactly the same as those seen in a wider campaign that the U.S. cybersecurity agency CISA, the United Kingdom's cybersecurity agency, and Dutch intelligence have all warned about and blamed on Russian government spies. Signal, too, has warned of phishing attacks targeting its users. German news magazine Der Spiegel found that the Russian hackers were able to compromise several people inside the country, including high-profile politicians.
Ó Cearbhaill said in a series of online posts that he was able to figure out that he was one of more than 13,500 targets. He declined to reveal exactly how he investigated the hacking attempt and campaign to avoid revealing his hand to the hackers, but shared a few details about what he learned.