#EncryptionBreach

🛑 H3lium@infosec.exchange/:~# (H3liumb0y@infosec.exchange)
2023-10-24

"🚨 *Major Lawful Interception*: Russian XMPP (Jabber) Service Under Attack! 🚨"

The largest Russian XMPP (Jabber) messaging service, jabber.ru (also known as xmpp.ru), has been targeted in a sophisticated Man-in-the-Middle (MiTM) attack. The attackers intercepted encrypted TLS connections on Hetzner and Linode hosting providers in Germany. 🇩🇪🔓

Several rogue TLS certificates were issued using the Let's Encrypt service to hijack encrypted STARTTLS connections on port 5222. The attack was uncovered because one of the MiTM certificates expired. The interception might have been ongoing for up to 6 months, with 90 days confirmed.

The attack seems to be a lawful interception that Hetzner and Linode might have been compelled to set up. The implications are severe: all communications between the affected dates could be compromised. Users are urged to check their accounts for unauthorized #OMEMO and #PGP keys and to change passwords. 🔑🚫

Author: ValdikSS, 21st October 2023
Source: ValdikSS's Notes

Tags: #XMPP #Jabber #MiTM #Cybersecurity #Hetzner #Linode #EncryptionBreach #TLS #STARTTLS #LetsEncrypt
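The post's key lesson is that the interposed certificates were real Let's Encrypt certificates, so ordinary TLS validation passed and the interception only surfaced when one of them expired. The script below is an added example (not code from the post, from ValdikSS's notes or from jabber.ru) of the check a server operator or client user can run themselves: it negotiates XMPP STARTTLS on port 5222 exactly as a client would (RFC 6120 stream header, `<starttls/>`, `<proceed/>`), then compares the SHA-256 fingerprint of the certificate actually presented against a pinned list of fingerprints the operator knows they issued, and reports issuer, SAN names and expiry. The `PINNED_SHA256` set and the placeholder fingerprint in it are assumptions for illustration; jabber.ru appears only because the post names it.

```python
"""Check which certificate an XMPP server really presents on STARTTLS (port 5222).

Added example; it assumes the operator maintains PINNED_SHA256, the set of
SHA-256 fingerprints of certificates they issued themselves. A certificate that
validates against public CAs but is NOT in that set is the signal worth alerting on.
"""
import hashlib
import socket
import ssl
import sys
from datetime import datetime, timezone

XMPP_TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STREAM_NS = "http://etherx.jabber.org/streams"

# Hypothetical pinned set: replace with the real fingerprints of your own certificates.
PINNED_SHA256 = {"0000000000000000000000000000000000000000000000000000000000000000"}


def recv_until(sock, marker, limit=65536):
    """Read from the socket until `marker` has been seen, the peer closes, or `limit` is hit."""
    buf = b""
    while marker not in buf and len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def fingerprint_sha256(der):
    """Hex SHA-256 over the DER encoding, the form most CT monitors and cert tools display."""
    return hashlib.sha256(der).hexdigest()


def parse_cert_time(value):
    """Convert the 'Oct 18 00:00:00 2023 GMT' form used by ssl.getpeercert() to an aware datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)


def rdn_to_dict(rdn_sequence):
    """Flatten the tuple-of-tuples subject/issuer form returned by ssl.getpeercert()."""
    out = {}
    for rdn in rdn_sequence:
        for key, value in rdn:
            out[key] = value
    return out


def assess_certificate(cert, der, pinned_sha256, now=None):
    """Summarise a presented certificate and flag whether it is one we issued and still valid."""
    now = now or datetime.now(timezone.utc)
    fp = fingerprint_sha256(der)
    normalised = {p.lower().replace(":", "") for p in pinned_sha256}
    issuer = rdn_to_dict(cert.get("issuer", ()))
    not_after = parse_cert_time(cert["notAfter"])
    return {
        "fingerprint": fp,
        "pinned": fp in normalised,                 # False => a certificate we did not issue
        "issuer": f"{issuer.get('organizationName', '?')} / {issuer.get('commonName', '?')}",
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "not_after": not_after,
        "expired": now > not_after,                 # how the jabber.ru interception became visible
    }


def fetch_xmpp_certificate(domain, host=None, port=5222, timeout=10):
    """Open a plaintext XMPP stream, negotiate STARTTLS and return (parsed cert, DER bytes)."""
    host = host or domain
    with socket.create_connection((host, port), timeout=timeout) as raw:
        header = (
            "<?xml version='1.0'?>"
            f"<stream:stream to='{domain}' xmlns='jabber:client' "
            f"xmlns:stream='{STREAM_NS}' version='1.0'>"
        )
        raw.sendall(header.encode())
        features = recv_until(raw, b"</stream:features>")
        if XMPP_TLS_NS.encode() not in features:
            raise RuntimeError("server did not offer STARTTLS in its stream features")
        raw.sendall(f"<starttls xmlns='{XMPP_TLS_NS}'/>".encode())
        reply = recv_until(raw, b"/>")
        if b"<proceed" not in reply:
            raise RuntimeError(f"STARTTLS not accepted: {reply!r}")
        # Default context: public-CA validation ON, so a rogue but CA-issued certificate
        # passes here exactly as it did for real clients; the pin check is what catches it.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "jabber.ru"
    try:
        parsed, der_bytes = fetch_xmpp_certificate(target)
    except ssl.SSLCertVerificationError as exc:
        print(f"TLS validation failed (expired or untrusted certificate?): {exc}")
        sys.exit(2)
    report = assess_certificate(parsed, der_bytes, PINNED_SHA256)
    for key, value in report.items():
        print(f"{key:12} {value}")
    sys.exit(0 if report["pinned"] and not report["expired"] else 1)
```

Run it periodically from a vantage point outside the hosting provider's network and alert on `pinned: False`; the same fingerprints can be cross-checked against Certificate Transparency logs, since a certificate issued by a public CA without the operator's involvement will be logged there too.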
