A spyware investigator exposed Russian government hackers trying to hijack Signal accounts

TL;DR

A cybersecurity researcher identified a Russian hacking campaign targeting Signal users, including high-profile individuals. The hackers used phishing tactics and automated tools, with authorities warning of ongoing attacks.

A cybersecurity researcher has exposed a Russian government hacking campaign targeting Signal users, including politicians and journalists, revealing a sophisticated effort to hijack accounts through phishing and automated tools. The campaign’s exposure underscores ongoing cyber espionage efforts by Russian state actors.

Donncha Ó Cearbhaill, a security researcher at Amnesty International’s Security Lab, identified an attempted hacking attack on his Signal account in early 2026. He recognized the attack as part of a broader campaign involving Russian hackers using a tool called ‘ApocalypseZ’ to automate phishing and account hijacking on Signal. The hackers impersonated Signal support messages to trick targets into revealing verification codes, enabling them to gain control over accounts.

Ó Cearbhaill estimated that over 13,500 individuals had been targeted, including journalists and colleagues. He observed that the attack infrastructure was in Russian, with the hackers translating victim chats into Russian, aligning with prior assessments linking the campaign to Russian state-sponsored cyber espionage groups. The campaign appears to be ongoing, with attacks continuing beyond his initial detection.

Why It Matters

This development highlights the persistent threat posed by Russian government hackers to digital communications security, especially targeting encrypted messaging platforms like Signal used by journalists, politicians, and activists. The campaign’s scale and sophistication demonstrate the importance of cybersecurity vigilance and the potential for espionage, data theft, or political manipulation.

Background

Earlier this year, Western cybersecurity agencies, including CISA and UK cybersecurity authorities, issued warnings about Russian hacking groups targeting Signal and other encrypted platforms. German media also reported that Russian hackers had compromised several high-profile figures within Russia. The use of automated tools like ApocalypseZ marks a shift toward larger, more efficient campaigns designed to exploit trusted communication channels.

“The attack on my Signal account was likely part of a larger, automated campaign targeting thousands, including journalists and officials.”

— Donncha Ó Cearbhaill

“The use of Russian-language code and translation of chats strongly indicates Russian state involvement, consistent with prior assessments.”

— Cybersecurity analyst familiar with the campaign

What Remains Unclear

While the campaign’s infrastructure and scope are partially understood, the full extent of targets and specific operational details remain unclear. It is also uncertain whether the hackers have been fully disrupted or if they plan further attacks.

What’s Next

Authorities and cybersecurity firms are expected to continue monitoring the campaign, with potential updates on arrests or takedowns of hacking infrastructure. Signal has advised users to enable Registration Lock and remain vigilant against phishing attempts. Further investigations into the hackers’ operations are anticipated.

Key Questions

How do hackers hijack Signal accounts?

They send phishing messages impersonating Signal support, trick targets into revealing verification codes, and then use automated tools to link the account to a device controlled by the hackers.

What is ApocalypseZ?

It is an automated hacking tool used by the Russian hackers to target multiple Signal users simultaneously, enabling large-scale phishing campaigns with limited human oversight.

Are Signal users safe from these attacks?

Users can reduce risk by enabling the Registration Lock feature, which requires a PIN to register the account on new devices, and by being cautious of suspicious messages.

What is the significance of this campaign?

This campaign exemplifies the ongoing cyber espionage efforts by Russian state actors targeting encrypted communications, with implications for political, journalistic, and personal privacy and security worldwide.

Will the hackers be stopped?

Authorities and cybersecurity firms are actively investigating and working to disrupt the campaign, but the full scope of the hackers’ operations and future plans remains uncertain.
