Security2 min read

Security Pro Unveils Russian Hackers Targeting Signal Users

Donncha Ó Cearbhaill, a security researcher, was targeted by hackers who impersonated Signal Security Support. Discover how he turned the tables on these cyber spies.

Admin User

Updated May 14, 2026
0
Security Pro Unveils Russian Hackers Targeting Signal Users

Earlier this year, Donncha Ó Cearbhaill, a renowned security researcher and head of Amnesty International’s Security Lab, found himself unexpectedly thrust into an unusual situation when he received a suspicious message on his Signal account. The message, allegedly from the Signal Security Support ChatBot, warned him about potential data leaks and demanded that he pass a verification process to protect his privacy.

Ó Cearbhaill recognized this as an “unwise” attempt at hacking his account. Instead of panicking, the researcher saw it as a golden opportunity to delve into what turned out to be a broader hacking campaign targeting Signal users, with tactics eerily similar to those employed by Russian government spies.

The hackers used phishing techniques, impersonating legitimate Signal support and warning about security threats. They aimed to trick victims into linking their accounts to devices controlled by the hackers, thus gaining unauthorized access. These strategies were consistent with campaigns warned against by U.S. cybersecurity agency CISA, the UK's National Cyber Security Centre (NCSC), and Dutch intelligence agencies.

Der Spiegel reported that Russian hackers managed to compromise several individuals in Germany, including high-profile politicians. Ó Cearbhaill discovered he was one of over 13,500 potential targets through an investigation that remains largely undisclosed to avoid alerting the hackers. He identified the hackers' system as 'ApocalypseZ,' which automates attacks and translates victim chats into Russian, further confirming their possible affiliation with Russian government hacking groups.

Although Ó Cearbhaill suspects he may become a target again due to being part of a group chat that was compromised, he believes the hackers might have already regretted targeting him. To protect against such attacks, users are advised to enable Registration Lock, which requires setting a PIN for their account and preventing others from registering their phone number on another device.

SignalRussian hackingcybersecurityDonncha Ó CearbhaillAmnesty International