Just weeks before top US officials used the encrypted messaging app Signal to coordinate a military strike on the Houthis in Yemen, a Google Threat Intelligence (GTI) report highlighted how Russian military hackers had compromised Signal accounts in Ukraine using sophisticated phishing tactics.
This timeline places the decision of US officials, including Vice President JD Vance, Secretary of State Marco Rubio, Secretary of Defense Pete Hegseth, and National Security Advisor Mike Waltz, under intense scrutiny.
What Did Google’s Report Reveal?
According to Google, Russian hackers from the GRU’s APT44 group successfully targeted Ukrainian users’ Signal accounts by exploiting features intended for user convenience.
The main techniques used by the attackers were:
- Malicious QR codes: tricking users into scanning a QR code that, instead of joining a group, enrols an attacker-controlled device as a linked device on the victim's Signal account.
- Fake group invite links: links disguised as legitimate group invites that instead lead the user through the device-linking flow, again adding an attacker-controlled device to the account.
Despite these attacks, Signal's end-to-end encryption was not broken. The compromise occurred at the endpoint: a linked device is a legitimate participant in the account, so from the moment the link completes it receives the victim's incoming messages in plaintext, with no further phishing needed. The practical check is to review Settings > Linked Devices on the phone and remove any device you do not recognise.
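The distinction between a group invite and a device-link request is the whole attack, so it is worth seeing what a scanned payload actually encodes. The following is an added example, not code from Google's report or from Signal. It assumes (author's assumptions, not stated on the page) that Signal's device-linking QR codes carry an `sgnl://linkdevice` URI with `uuid` and `pub_key` parameters, and that genuine group invites are `https://signal.group/#...` links. The redirect table is constructed to illustrate the "fake invite" pattern and does not describe a real campaign.

```python
"""Classify what a scanned QR code or tapped link would do to a Signal account:
join a group, or enrol a new linked device that receives the account's messages.

Added example, not from Google's report or Signal's code base. Assumed (not from
the page): device-link QR codes encode `sgnl://linkdevice?uuid=...&pub_key=...`;
group invites are `https://signal.group/#...`. The redirect chain is constructed.
"""
from urllib.parse import parse_qs, urlparse

# Hosts that a legitimate Signal invite or contact link uses (assumed).
INVITE_HOSTS = {"signal.group": "group_invite", "signal.me": "contact_link"}

# Constructed redirect chain standing in for HTTP redirects (this example runs
# offline and follows no real links): a link dressed up as a group invite that
# ends in a device-link URI.
CONSTRUCTED_REDIRECTS = {
    "https://invite.example.invalid/join/volunteers":
        "https://invite.example.invalid/r/1",
    "https://invite.example.invalid/r/1":
        "sgnl://linkdevice?uuid=11111111-2222-3333-4444-555555555555&pub_key=QUJDREVGRw",
}


def classify(payload: str) -> dict:
    """Return what a single payload does and how risky opening it is."""
    p = urlparse(payload.strip())
    scheme, host = p.scheme.lower(), p.netloc.lower()

    if scheme == "sgnl" and host == "linkdevice":
        q = parse_qs(p.query)
        return {
            "kind": "device_link",
            "risk": "high",
            "reason": "completing this flow adds a new device that receives your messages",
            "uuid": q.get("uuid", [None])[0],
            "has_pub_key": "pub_key" in q,
        }
    if scheme == "https" and host in INVITE_HOSTS:
        return {"kind": INVITE_HOSTS[host], "risk": "low", "reason": "Signal invite/contact link"}
    if scheme in ("http", "https"):
        # An arbitrary web URL cannot be judged offline; it may redirect to a link URI.
        return {"kind": "external_url", "risk": "medium", "reason": "unknown site, may redirect"}
    return {"kind": "unknown", "risk": "medium", "reason": "unrecognised scheme"}


def resolve(payload: str, redirects: dict, max_hops: int = 5) -> dict:
    """Follow a (constructed) redirect table, then classify the final target.

    The verdict is taken from where the chain ends, not from how it started:
    a payload that looks like an invite but terminates in a device-link URI
    is reported as a device link.
    """
    chain = [payload]
    current = payload
    for _ in range(max_hops):
        nxt = redirects.get(current)
        if nxt is None:
            break
        chain.append(nxt)
        current = nxt
    verdict = classify(current)
    verdict["chain"] = chain
    verdict["redirected"] = len(chain) > 1
    return verdict


if __name__ == "__main__":
    for sample in (
        "https://signal.group/#CjQKIABCDEFGHIJKLMNOPQRSTUVWXYZ",  # constructed invite
        "https://invite.example.invalid/join/volunteers",         # constructed lure
    ):
        v = resolve(sample, CONSTRUCTED_REDIRECTS)
        print(f"{sample}\n  -> {v['kind']} ({v['risk']}): {v['reason']}; hops={len(v['chain']) - 1}")
```

The point of `resolve` is that the user-visible link is not what matters; the final URI the client is asked to act on is. In practice the only durable defence is the linked-devices list on the phone, since a lure can be made to look like anything.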
Timeline of Google’s Findings and US Officials’ Use of Signal
| Event | Date |
|---|---|
| Google publishes report on Signal account compromises in Ukraine | February 2025 |
| US officials use Signal to plan Houthi strikes | March 2025 |
| Operational plans accidentally shared with journalist Jeffrey Goldberg | March 2025 |
| Fallout and criticism begin | March 25–26, 2025 |
Security Breach: What Went Wrong?
Jeffrey Goldberg, Editor-in-Chief of The Atlantic, was accidentally added to the Signal group created by National Security Advisor Mike Waltz. Defense Secretary Pete Hegseth allegedly shared operational details in the group, including:
- Target coordinates
- Weapon specifications
- Strike timing
This constitutes one of the worst communication security lapses in recent US defense history.
Why Is This Alarming?
- Signal is not an approved channel for classified US national security or intelligence communication.
- Federal protocols require that military planning take place on accredited, internal secure networks.
- Personal mobile phones are normally barred from secure briefing areas, let alone used to discuss strike plans.
Historical Background on APT44’s Activities
The APT44 group (also tracked as Sandworm), associated with Russia's GRU, has previously been linked to:
- Attacks on the Ukrainian power grid (2015)
- NotPetya (2017), destructive malware disguised as ransomware, causing global losses estimated at over $10 billion
- Attacks on the 2018 Winter Games in South Korea and targeting of the Tokyo 2020 Games (held in 2021)
Their resurgence in Ukraine during the war, combined with the targeting of communication apps like Signal and WhatsApp, indicates a highly adaptive and dangerous cyber strategy.
Implications for US National Security
The use of Signal by key officials, combined with an unauthorized participant in the group, may have exposed critical national defense information. The risks included:
- Exposure of intelligence sources
- Operational disruption, had adversaries accessed the data
- Possible violation of the Espionage Act
FAQs
Was Signal hacked by Russian intelligence?
No, Signal itself was not hacked. However, Russian hackers exploited its linked device feature and phishing tactics to gain access to user accounts.
Who were the US officials involved in the Signal war group?
Vice President JD Vance, Secretary of State Marco Rubio, Defense Secretary Pete Hegseth, and National Security Advisor Mike Waltz were all involved.
What kind of information was shared on Signal?
Complete military operation plans, including target details, weapons used, and timing, were reportedly shared.
Why is this incident being considered a major breach?
Because national defense protocols were bypassed, unauthorized persons were added, and sensitive information was shared on a non-secure platform.
Can this incident lead to legal action?
Yes. Sharing classified information, even unintentionally, with unauthorized individuals could lead to Espionage Act charges.