Threat Intelligence, Critical Infrastructure Security

Russian instant messaging service subjected to months-long wiretapping operation

Russian XMPP-based instant messaging service jabber[.]ru was discovered to have been wiretapped between April 18 and Oct. 19 by threat actors using Germany-based Hetzner and Linode servers, reports The Hacker News. The attackers issued numerous new TLS certificates to take over encrypted STARTTLS connections on port 5222 through a transparent man-in-the-middle proxy, according to security researcher ValdikSS. The wiretapping, which is believed to have been halted when an investigation began on Oct. 18, may have been either a lawful interception conducted by the German police or a MitM attack against Hetzner and Linode networks, said the researcher. "Given the nature of the interception, the attackers have been able to execute any action as if it is executed from the authorized account, without knowing the account password. This means that the attacker could download the account's roster, lifetime unencrypted server-side message history, send new messages, or alter them in real time," the researcher added.
