Russian ‘New Year’ Spam Barrage Hits Ukrainian Military on Signal Messenger App

   In recent days, Ukrainian soldiers have been bombarded with spam messages via the Signal messenger, allegedly from Russians sending "New Year's greetings." The messages encourage recipients to "raise the Russian tricolor above your head" and "cleanse yourself of the evil that flooded the country."

Multiple Ukrainian military personnel shared screenshots of these messages with Kyiv Post. The content of the messages is uniform:

"Dear compatriots, on the eve of the New Year, following the Russian tradition, we wish you peace and goodness! Happiness and mutual understanding! May 2024 bring peace and order to the original Russian land!

May each of you proudly lift the Russian tricolor, a symbol of statehood, freedom, and independence! Rid yourselves of the evil that has flooded the country! And we will assist you! Glory to Ukraine as part of the Russian Federation! Happy holiday, dear compatriots! Happy New Year!"

After scouring social media, Kyiv Post has determined that these messages weren't limited to just the military; civilians in Ukraine also found themselves on the receiving end.

Widespread concerns have emerged within the community, raising questions about the potential hacking of the Signal messenger, known for its robust security features and widely used by the Ukrainian military for operational communication.

Andriy Yusov, a spokesperson for the Defense Ministry’s Main Directorate of Intelligence (HUR), informed Kyiv Post that intelligence has detected a surge in various forms of hostile communications targeting both messengers and email addresses.

“This is clearly another attempt to exert pressure on Ukrainian society. These mailings often seem haphazard, meaning a message intended for the military might end up reaching civilians, and vice versa,” stated the HUR representative.

He highlighted that the content of these messages is generally quite basic and "cannot sway, motivate, or intimidate a Ukrainian in any meaningful way." Yusov doesn't dismiss the possibility that Russians might be utilizing outdated databases, including email addresses, for such spam distributions.

"In today’s world, obtaining specific databases, including those with phone numbers, is not a challenge. However, it doesn't necessarily mean the adversary comprehends the exact recipients of their messages," he clarified.

The HUR underscores that, in this instance, there is no indication of any hacking of the messenger platform.

“Information gets delivered to messengers associated with specific phone numbers. Receiving such information doesn't necessarily imply a compromised messenger. However, it's wise to exercise caution with messages from unknown numbers, as they could pose potential risks beyond just the text,” Yusov cautioned.

Colonel Vladyslav Seleznyov, former head of the Armed Forces of Ukraine (AFU) General Staff press service, reassured Kyiv Post that there's no indication of Signal being hacked.

“How does spamming work? In a designated location with the necessary equipment, which identifies Signal users, a mass distribution is carried out to all messenger users in a particular region or district,” explained the colonel.

“The Signal platform is well-protected. I don't believe Signal was compromised, and there's no need for everyone to abandon Signal immediately,” added Seleznyov.

The AFU colonel stressed the vital role of the information aspect in Russian aggression. He revealed that Russians employ such spam messages via phones and emails to instill a sense of hopelessness and despair in Ukrainian society.

“We can observe a tense situation within our society due to certain decisions made by our military and political leadership, along with discussions on how to continue resisting Russia's aggression. This spam campaign is only adding fuel to these intense debates,” noted Seleznyov.

He pointed out that the narratives in these messages have no connection to the plans of Russian President Vladimir Putin and his associates because "the enemy is not concealing their intention to dismantle Ukraine as a state."

“It's important not to believe the information spread in these spam messages. The enemy is spreading falsehoods to amplify despair in Ukrainian society, to sow discord. The only way to restore peace and tranquility to our country is to eliminate the Russian invaders who have entered our land with weapons. There is no other solution,” concluded Seleznyov.

Signal stands as a cross-platform encrypted instant messaging service, founded by US citizens Moxie Marlinspike and Brian Acton. The development is carried out by the Signal Foundation and Signal Messenger.

As per information from the Ukrainian IT portal, this messenger boasts encrypted device-to-device (E2EE) messages. Every communication within the application, be it video calls, regular calls, file transfers, and more, is consistently encrypted and shielded by this security measure.

This implies that the data isn't stored on the messenger’s servers but resides on users' devices. Consequently, even the app developers lack access to this information. Signal operates without collecting user data or displaying advertisements, relying on private donations for its ongoing development.

Previously, the expert team from the State Special Communications Service of Ukraine suggested that Threema could serve as an alternative to Signal. Threema, often used by the Ukrainian military, offers additional cross-checking and verification tools, though it requires an installation cost.