KYIV, UKRAINE — The encrypted messaging app Signal has stopped responding to requests from Ukrainian law enforcement regarding Russian cyber threats, a Ukrainian official claimed, warning that the shift is aiding Moscow’s intelligence efforts.
According to Serhii Demediuk, deputy secretary of Ukraine’s National Security and Defense Council, Signal remains one of the most exploited messaging apps for Russian espionage operations targeting Ukrainian military personnel and government officials.
“With its inaction, Signal is helping Russians gather information, target our soldiers and compromise government officials,” Demediuk said at the Kyiv International Cyber Resilience Forum on Tuesday.
Signal, a U.S.-based nonprofit platform known for its commitment to privacy, has not publicly commented on Demediuk’s claims and did not respond to a request for comment. Demediuk suggested that the shift in Signal’s policy may be linked to political instability in the U.S., adding that cooperation could resume soon.
Speaking to Recorded Future News on the sidelines of the Kyiv cyber forum, Demediuk said that Ukraine used “an official communication channel” to reach out to Signal about how the app is being abused by Russians, including for phishing attacks and account takeovers targeting Ukrainian users. Previously, the company responded to such requests, but that is no longer the case.
“This is a threat to us,” Demediuk said. “When a messenger we trusted and relied on fails us, it becomes a problem.”
Ukraine and Western researchers have previously warned about attacks conducted by Russia-linked threat actors through Signal.
In a report published in February, Google’s security team warned that Russian state-backed hackers are increasingly targeting Signal accounts, including those used by Ukrainian military personnel and government officials, in an effort to access sensitive information that could aid Moscow’s war effort.
In these attacks, hackers typically use phishing messages to infect targeted devices with spyware. Another technique involves abusing Signal’s legitimate “linked devices” feature, which allows the app to be used on multiple devices simultaneously — delivering messages in real time to both the victim and the attacker.
Alternative to Telegram
Ukrainians have increasingly turned to Signal as an alternative to the Russia-founded messaging app Telegram, which has been widely believed to be exploited by Russian intelligence for data collection and influence operations, Demediuk said.
Following the arrest in France of Telegram’s Russia-born founder, Pavel Durov — who has been investigated for a range of offenses related to his platform — the app’s cooperation with law enforcement has improved, according to Demediuk.
Earlier in September, Telegram updated its terms of service, stating that it would begin disclosing the IP addresses and phone numbers of users who violate the app’s rules to relevant authorities “in response to valid legal requests.”
Although Telegram remains a threat, Demediuk said it is unlikely that Ukraine will block the app, despite previous discussions. Blocking it “is not a viable solution in the digital world,” he added — it would only serve as free advertising. Instead, users should be educated about the risks of using it.
Ukraine has previously banned Telegram on official devices used by state and security officials, military personnel and employees of critical infrastructure facilities.
U.S.-Ukraine Cooperation
The U.S. foreign aid freeze and a shift in the Trump administration’s approach to the war in Ukraine have impacted Ukraine’s cyber and information warfare efforts.
Earlier in March, U.S. Cyber Command halted the planning of offensive cyber operations against Russia in an effort to reportedly bring both parties to the negotiating table. Later, Trump ordered a suspension of intelligence sharing with Ukraine, but later restarted it after Kyiv agreed to Washington’s proposal for a 30-day interim ceasefire with Russia.
The foreign aid freeze has also affected Ukraine’s counter-disinformation initiatives. International programs backed by American agencies such as USAID have been halted, posing a “significant threat” to the work of independent media and fact-checking organizations, local cyber officials previously told Recorded Future News.
In January, Facebook and Instagram owner Meta announced changes to its content moderation policies, replacing third-party fact-checkers with a “community notes” system that allows users to determine the accuracy of content.
The shift in U.S. policy has encouraged Ukraine to seek new partnerships in Europe and explore new opportunities in the domestic market.
“We are returning to the idea that we must always seek alternatives — for communication and information exchange,” Demediuk said.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
