


Russian-linked cyberattackers are increasingly focused on users of the encrypted messaging app Signal, according to a new report from the Google Threat Intelligence Group.
Signal is a secure messaging app enabling end-to-end encrypted text communications and calls, which activists, journalists, politicians and others rely upon.
Dan Black, manager of cyber espionage analysis at Google, said Wednesday the company discovered an uptick in Russian-aligned hackers seeking to breach Signal accounts belonging to people of interest to Russia’s intelligence services.
“While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia’s re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war,” Mr. Black wrote on Google’s blog.
The Russian attackers sought to gain access to victims’ accounts through Signal’s “linked devices” feature, which allows users to use the platform on multiple devices at the same time. Google said the attackers used malicious QR codes to link victim devices to others controlled by the hackers.
Signal said last month it made changes to its linked-devices functionality. The company said on Jan. 27 it made a “simple change” designed to allow users to sync old messages onto newly linked devices.
The added functionality appeared intended to make it easier for users to navigate between devices for texts and calls.
“Just like everything else in Signal, the process of transferring your messages to a new linked device is end-to-end encrypted and private,” the company said in a January blog post.
Google said the attackers sought to ensnare Signal users with tools disguised as legitimate Signal resources, including group invites, security alerts, or device pairing instructions from the Signal website.
Mr. Black wrote that the hackers’ operational emphasis on Signal indicates a growing new threat that people must beware.
“This threat is not only limited to Signal, but also extends to other widely used messaging platforms, including WhatsApp and Telegram, which have likewise factored into the targeting priorities of several of the aforementioned Russia-aligned groups in recent months,” Mr. Black said.
The threat to Signal users is also not limited to remote hacking, but includes “close-access operations” where a cyberattacker may briefly gain access to a victim’s unlocked device.
To guard against hackers targeting Signal users, Google recommended using complex passwords, auditing devices regularly for unauthorized tools gaining access, using multi-factor authentication if available, and exercising caution surrounding QR codes.
The company also urged its users to ensure Google Play Protect features are running for Android devices and encouraged Apple users to consider enabling Lockdown Mode on their devices.
Signal did not respond to a request for comment.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.