The Kyiv Independent’s contributor Ignatius Ivlev-Yorke spent a day with a mobile team from the State Emergency Service in Nikopol in the south of Ukraine as they responded to relentless drone, artillery, and mortar strikes from Russian forces just across the Dnipro River. Nikopol is located across from the Russian-occupied Zaporizhzhia Nuclear Power Plant in the city of Enerhodar.
Peter Szijjarto's announcement came after Ukraine's Security Service (SBU) allegedly dismantled a Hungarian military intelligence network operating in Zakarpattia Oblast.
Moscow and Washington discuss the potential resumption of Russian gas supplies to Europe, among other issues related to the peaceful settlement of Russia's war in Ukraine, Russian presidential aide Yuri Ushakov confirmed to the Russian state-run Interfax news agency.
"This is a historic decision, as weapons for Ukraine will be purchased at the expense of the proceeds from frozen Russian assets through the European Peace Fund," Denys Shmyhal said.
The approval marks a key step in international efforts to hold Moscow accountable for what is considered the gravest violation of international law committed against Ukraine.
Although Moscow declared on April 28 that it would halt all military actions from May 8 to midnight on May 11 to mark Victory Day, strikes on civilian areas have continued.
Under Soviet dictator Joseph Stalin's rule, millions of Ukrainians died during the Holodomor, a man-made famine in 1932–1933. The dictator also oversaw mass deportations, purges of Ukrainian intellectuals and leaders, and the suppression of the Ukrainian language and culture.
An image of a woman holding a cell phone in front of the Signal logo displayed on a computer screen, on April 29, 2024, in Edmonton, Canada. (Photo by Artur Widak/NurPhoto via Getty Images)
Google’s Threat Intelligence Group (GTIG) has identified a rise in Russian state-backed hacking attempts aimed at compromising Signal messenger accounts.
These attacks primarily target individuals of interest to Russia's intelligence services, including military personnel, government officials, journalists, and activists.
While these efforts are currently tied to Russia’s war in Ukraine, experts warn that similar tactics may soon be adopted by other threat actors worldwide. The broader concern extends beyond Signal, as Russian-aligned groups have also been observed targeting messaging platforms like WhatsApp and Telegram using comparable methods, according to the group's latest report published on Feb. 19.
Experts warn that these attacks signal a growing global trend in cyber espionage, where governments and hacking groups are increasingly seeking to infiltrate secure messaging apps.
The primary technique used in these attacks involves exploiting Signal’s "linked devices" feature, which allows users to connect additional devices to their accounts. Hackers have crafted malicious QR codes that, when scanned, link a victim’s Signal account to a hacker-controlled device.
This enables them to intercept messages in real-time without needing direct access to the victim’s phone. Phishing campaigns distributing these malicious QR codes have been disguised as legitimate Signal security alerts, group invitations, or even official device-pairing instructions from the Signal website. In some cases, hackers have embedded these QR codes within fake applications designed to mimic software used by the Ukrainian military.
Beyond remote phishing, Russian cyber operatives have also deployed this tactic in battlefield scenarios.
The group APT44—also known as Sandworm, a unit linked to Russia’s military intelligence agency (GRU)—has reportedly used the method on captured devices. Soldiers’ Signal accounts are being linked to Russian-controlled infrastructure, allowing continued surveillance of sensitive conversations. This approach is difficult to detect because Signal does not have a centralized system for flagging new linked devices, meaning a successful breach could remain unnoticed for an extended period.
Signal, in collaboration with Google, has since strengthened its security measures to counter these phishing attempts. The latest updates for both Android and iOS include enhanced protections designed to prevent unauthorized device linking. Users are urged to update their apps to the newest version and remain cautious of suspicious QR codes or unexpected device-linking requests.
Olena Goncharova is the Head of North America desk at The Kyiv Independent, where she has previously worked as a development manager and Canadian correspondent. She first joined the Kyiv Post, Ukraine's oldest English-language newspaper, as a staff writer in January 2012 and became the newspaper’s Canadian correspondent in June 2018. She is based in Edmonton, Alberta. Olena has a master’s degree in publishing and editing from the Institute of Journalism in Taras Shevchenko National University in Kyiv. Olena was a 2016 Alfred Friendly Press Partners fellow who worked for the Pittsburgh Post-Gazette for six months. The program is administered by the University of Missouri School of Journalism in Columbia.
Abbey Fenbert
