A lot of people seem to be confused so to clear up: They haven’t broken encryption. They are phishing using malicious QR codes.
Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram, placing journalists, politicians and activists of interest to the Russian intelligence service at potential risk.
Google Threat Intelligence Group disclosed today that Russia-backed hackers had stepped up attacks on Signal Messenger accounts to access sensitive government and military communications relating to the war in Ukraine.
Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram.
This is a Phishing attack, just so we’re clear, they haven’t broken the encryption. They gain access by tricking you into clicking malicious links or scanning fake QR codes. As long as you stay vigilant you should be fine, make sure to warn other people in your life though who might not be as keen on this though, they can easily be compromised, and if they share conversations with you it can indirectly affect you if they are.