

Ethical Hacking News

CISA Warns of Sophisticated Spyware Attacks on Signal and WhatsApp Accounts


US government agency CISA warns of sophisticated spyware attacks on Signal and WhatsApp accounts, targeting "high-value" individuals with phishing, spoofed apps, zero-click exploits, and other tactics. As the threat landscape continues to evolve, it's essential for individuals and organizations to stay informed and take steps to protect themselves against such attacks.

  • CISA has issued a warning about the increasing threat of sophisticated spyware attacks on Signal and WhatsApp accounts.
  • State-backed hackers and cyber-mercenaries are using phishing, malware, and zero-click exploits to compromise these messaging apps.
  • Targets include "high-value" individuals, such as current and former government officials, military personnel, and civil society groups.
  • Attackers are delivering spyware first and asking questions later, exploiting vulnerabilities to gain deeper access.
  • CISA has identified multiple campaigns using commercial-grade spyware, including LANDFALL and ProSpy/ToSpy.
  • The US government has banned NSO Group from targeting WhatsApp users with Pegasus, highlighting the growing scrutiny of commercial spyware vendors.



    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to alert the public about the increasing threat of sophisticated spyware attacks on Signal and WhatsApp accounts. According to CISA, state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into these messaging apps, hijack devices, and quietly rummage through the phones of "high-value" individuals.

    The agency's alert describes multiple miscreants using a mix of phishing, bogus QR codes, malicious app impersonation, and, in some cases, full-blown zero-click exploits to compromise these messaging apps. The activity being tracked by CISA suggests an increasing focus on targeting "high-value" individuals, including current and former senior government officials, military personnel, and civil society groups across the US, the Middle East, and Europe.

    The campaigns being monitored by CISA show attackers delivering spyware first and asking questions later, using the foothold to deploy additional malicious payloads and deepen their access. These attacks demonstrate a sophisticated understanding of how to sidestep encryption entirely: spoofing apps, abusing account features, and exploiting the phones underneath them.

    For example, Google's Threat Intelligence Group detailed in February how multiple Russia-aligned crews attempted to snoop on Signal users by abusing the app's "linked devices" feature. By coaxing victims into scanning a tampered QR code, operators could quietly add an attacker-controlled device to the account. Once paired, new messages flowed to both ends in real-time, allowing Moscow's finest to eavesdrop.

    CISA also pointed to a separate line of Android exploitation work spearheaded by Palo Alto Networks' Unit 42. This campaign involved delivering commercial-grade spyware known as LANDFALL to Samsung Galaxy devices, combining a Samsung vulnerability with a zero-click WhatsApp exploit. Operators could then slip a malicious image into a target's inbox and have the device compromise itself on receipt.

    Other examples of these attacks are ProSpy and ToSpy, which made headway by impersonating familiar apps such as Signal and TikTok, hoovering up chat data, recordings, and files once they landed on a device. Zimperium's researchers identified ClayRat, an Android spyware family that has been seeded across Russia via counterfeit Telegram channels and lookalike phishing sites masquerading as WhatsApp, TikTok, and YouTube.

    The CISA alert lands amid heightened scrutiny of commercial spyware vendors. The US recently barred NSO Group from targeting WhatsApp users with Pegasus, and earlier this year, the US House of Representatives banned WhatsApp from staff devices after a string of security concerns.

    This move reflects the uncomfortable reality behind CISA's warning: attackers aren't breaking encrypted messengers; they're simply burrowing under them. The increasing threat posed by these sophisticated spyware attacks highlights the need for vigilance and caution when using messaging apps.

    The Register has provided extensive coverage on commercial spyware vendors, their exploits, and the challenges faced by security professionals in combating these threats. As the situation continues to evolve, it's essential for individuals and organizations to remain informed about these developments and take steps to protect themselves against such attacks.

    In conclusion, CISA's warning serves as a reminder that even seemingly secure messaging apps can be vulnerable to exploitation. It is crucial to stay vigilant, monitor for suspicious activity, and maintain robust security measures to prevent these types of attacks.
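As a defensive illustration of the "linked devices" abuse described above, the following added example (not from CISA, Google, or the original article) classifies the text decoded from a QR code and flags a device-linking request that arrives where the user expected something else, such as a group invite. The `sgnl://linkdevice` and `https://signal.group/` URI shapes are assumptions based on publicly documented Signal conventions; all sample values and function names are constructed.

```python
from urllib.parse import urlsplit, parse_qs

LINKED = ("device-link", "embedded-device-link")

def classify_qr_payload(payload: str, depth: int = 0) -> str:
    """Label decoded QR text as device-link, embedded-device-link,
    group-invite, or other. URI shapes are assumptions (see lead-in)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return "other"  # malformed URL: nothing recognisable to flag
    host = (parts.hostname or "").lower()
    # Direct provisioning URI: scanning it pairs a new device to the account.
    if parts.scheme == "sgnl" and host == "linkdevice":
        return "device-link"
    # A web URL can carry the linking URI percent-encoded in a redirect
    # parameter; parse_qs decodes the value so it can be checked as well.
    if depth < 2:
        for values in parse_qs(parts.query).values():
            for value in values:
                if classify_qr_payload(value, depth + 1) in LINKED:
                    return "embedded-device-link"
    if parts.scheme == "https" and host == "signal.group":
        return "group-invite"
    return "other"

def should_warn(expected: str, payload: str) -> bool:
    """Warn when a QR presented as something else would link a device."""
    return classify_qr_payload(payload) in LINKED and expected != "device-link"

# Constructed samples: (what the user was told the QR is for, decoded text).
SAMPLES = [
    ("group-invite", "https://signal.group/#CONSTRUCTED_INVITE"),
    ("group-invite", "sgnl://linkdevice?uuid=CONSTRUCTED&pub_key=CONSTRUCTED"),
    ("group-invite", "https://example.invalid/join?next="
                     "sgnl%3A%2F%2Flinkdevice%3Fuuid%3DAAAA%26pub_key%3DBBBB"),
    ("device-link", "sgnl://linkdevice?uuid=CONSTRUCTED&pub_key=CONSTRUCTED"),
]

def review(samples=SAMPLES):
    """Return (expected, classification, warn) for each sample."""
    return [(exp, classify_qr_payload(p), should_warn(exp, p))
            for exp, p in samples]

if __name__ == "__main__":
    for row in review():
        print(row)
```

The same check can sit in a mail or web gateway that decodes QR images before delivery, since the mismatch between the stated purpose and the decoded URI is the signal.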



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Warns-of-Sophisticated-Spyware-Attacks-on-Signal-and-WhatsApp-Accounts-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/11/25/cisa_spyware_gangs/


  • Published: Tue Nov 25 06:03:59 2025 by llama3.2 3B Q4_K_M












