Axios Future of Cybersecurity

April 22, 2025
Happy Tuesday! Welcome back to Future of Cybersecurity.
- 📲 Need to reach me securely? Find me on Signal at @SamSabin.01.
1 big thing: "Signalgate" boosts secure app demand
Encrypted workplace communications services have seen a spike in user interest in the weeks since the now-infamous "Signalgate" started, executives at these companies tell Axios.
Why it matters: No one wants to be the next Mike Waltz or Pete Hegseth by sharing classified materials with someone they shouldn't. Some of these platforms have extra layers of security to limit who can receive and save messages.
Driving the news: Defense Secretary Hegseth texted details about the March 15 military strike in Yemen in a second Signal chat, according to a New York Times report on Sunday.
- That chat, which Hegseth created and accessed using his personal device, included his wife, brother and personal lawyer.
- The Pentagon and Hegseth have denied the report.
The big picture: Trump administration officials aren't the only ones using Signal for confidential communications.
- Local police departments and C-suite executives are constantly conducting business via the publicly available encrypted messaging platform.
- Daily active users for Signal grew 13% last month, year over year, according to app data analysis firm Sensor Tower.
- "'Signalgate' laid that bare: The world moves off of group chats," Ari Andersen, founder and CEO of encrypted chat platform Kibu, told Axios.
Between the lines: Signal isn't to blame for the federal government's operational security failures. But two encrypted communications companies told Axios they've had more customer calls and downloads since The Atlantic's first story about military strike leaks over Signal.
- "It's definitely skyrocketed," Andersen said. "It definitely has accelerated interest and traction on a number of fronts, for sure."
- Kibu came out of beta in January, and its user base is now projected to double this quarter compared with the first three months of the year, Andersen said. Kibu's users include small family financial wealth management offices, bigger financial institutions and privacy-minded individuals.
- Jeff Halstead, founder of Genasys Connect, an encrypted communications tool popular with law enforcement, told Axios that after the initial stories, he had several conversations with law enforcement and city governments.
- "They're all using Signal," he said.
Zoom in: Both Genasys and Kibu require users to verify their identity to be included in a specific chat.
- Genasys works similarly to Slack, but the conversations are encrypted and most customers are law enforcement officers.
- Each police department has its own workspace that only sanctioned users can access. If a case involves several jurisdictions, they can create multi-workspace environments.
- Kibu is similar: Each user must be invited to participate in a specific end-to-end encrypted group chat, and other users in the chat must also approve the people who are added.
- Kibu users also need to verify their identities using on-device facial recognition every time they log on. And anytime a user takes a screenshot of the chat, all participants are notified.
State of play: Most government-grade encrypted communications tools are difficult to use, Halstead said.
- Halstead, a former law enforcement officer, said his experience sending information through the FBI inspired the idea for Genasys' Connect platform.
- "If I need it distributed via the FBI portal — clunky, slow, arduous," he said. "I mean, it's horrible."
The intrigue: Halstead is not shy about the ways his company could help the federal government if it wanted a new communications tool.
- "If we just look at the Department of Defense, the entire department could be deployed before we go out for happy hour today," Halstead said. "If they can text, if they can email, if they can use their fingers on a smartphone, their training lasts about 15 to 30 minutes."
Yes, but: Despite having access to several secure communications options, federal government officials are likely to be using Signal both to evade public records laws and to bypass cumbersome security controls.
- "If you decide to have your communications out of band in a way that is not trackable or retrievable in response to a FOIA request, what you are doing is circumventing the law," Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, told Axios.
What to watch: So far, the Trump administration hasn't made any broad (public) moves to change its encrypted communications policies to resolve its lingering Signal headaches.
- However, last week, the U.S. Army's CIO office expanded access to Wickr, the Amazon Web Services-owned encrypted communications platform, across the military branch.
- And Wickr and other encrypted communications services like Mattermost appear to still be working with various federal government agencies.
2. Sensitive phone data flows through China
At least 60 mobile operators in 35 countries appear to transport sensitive customer phone data through China-based telecommunications networks, according to a report from iVerify.
Why it matters: Relying on these networks makes customers and travelers more vulnerable to Chinese surveillance, iVerify warns.
Zoom in: Several of these operators are based in U.S.-allied countries, including Japan, Saudi Arabia, South Korea, Taiwan and New Zealand.
- Each of these operators relies on infrastructure from a range of China-based telcos, including China Mobile International, China Telecom Global, China Unicom Global, CITIC Telecom International and PCCW Global Hong Kong.
- Information moving across the China-based networks includes location updates, internet history and text messages, according to the report.
Between the lines: Mobile operators often use one another's networks to ensure customers have service around the world and to facilitate conversations between people using different phone carriers.
- But unless those communications happen on encrypted apps, it's relatively easy for a hacker or government spy to intercept the contents of these messages and phone calls while they're in transit.
- Several surveillance vendors sell spyware and other tools to help enable this type of espionage.
- "Since its inception, the concept of user privacy for international mobility has been more of an afterthought," iVerify notes in its report.
The intrigue: Companies based in China are subject to laws that require them to share customer information with the government.
The big picture: China has a long history of spying on telecommunications networks and hacking high-ranking officials' phones to gain insights about U.S. operations.
- Last year, the U.S. accused China of targeting several politicians' phones in the Salt Typhoon campaign. The New York Times reported that now-President Trump and Vice President JD Vance were among the targets.
What we're watching: iVerify told Axios it's releasing a new tool tomorrow that will help security teams better secure employees' mobile devices when they're traveling to "risky areas."
- The company is also going to make its telecom infrastructure research, such as last week's report, available in its threat intelligence products to help customers better determine the mobile security risks they're susceptible to.
3. Threat spotlight: Spike in leaked government data
Allegedly stolen datasets from government websites have started to appear more frequently on hacker forums in recent weeks, an executive at a top ransomware negotiation firm told Axios.
Why it matters: The datasets appear to include access to sensitive government systems and details about classified operations.
- If the information is legitimate, cybercriminals could use it to inform future attacks or share it with adversarial governments.
Threat level: Hackers are claiming to have gotten high-level access to the Pentagon's Defense Logistics Agency, broken into defense contractors' systems, and compromised a Pentagon employee's account, according to Kurtis Minder, co-founder and CEO of GroupSense.
- Claims of this nature aren't new, but Minder said his team has seen a spike in the number of reportedly breached government systems in recent weeks.
- While it's unclear what's motivating this spike, Minder noted that "there's always room for this kind of thing" whenever internal organizational processes are "shaken up."
Driving the news: The inspector general's office at the General Services Administration found in a recent audit that officials in the Biden and Trump administrations improperly uploaded sensitive documents to an insecure Google Drive.
Zoom in: In screenshots shared with Axios, hackers are claiming to have access to internal user management systems that log which devices employees are using to access government services and what their security clearance levels are.
- Others are claiming to have accessed accounts with administrator privileges and are selling information about classified logistics operations.
- Another post claims to be selling more than 100 gigabytes of data from various U.S. government agencies, including the NSA, FBI and CIA.
Yes, but: None of these datasets have been validated, and cybercriminals have been known to either lie or embellish their findings in their listings on dark web forums.
- Some of the users sharing these screenshots have a decent reputation, Minder added, and aren't known for sharing fraudulent or overhyped listings.
- Listings for the datasets have also been appearing in certain Telegram channels where administrators vet claims before allowing the posts to be sent, Minder added.
The big picture: The trade war between the U.S. and China promises to escalate each country's espionage campaign against the other.
- China has a long history of hacking defense contractors and other government-adjacent companies to steal U.S. government secrets and inform its own economic investments.
4. Catch up quick
@ D.C.
✂️ Amid broad agency cost-cutting efforts, two CISA leaders overseeing the agency's Secure by Design initiative said they're leaving their roles. (The Record) The agency is also ending its contracts with Google's VirusTotal and Censys. (Nextgov)
💪🏻 Chris Krebs, the CISA director during Trump's first term, is leaving his role at SentinelOne to focus full time on fighting a Justice Department probe into his work. (Axios)
💰 The newly formed CVE Foundation is looking for alternative funding models after CISA nearly ended an essential contract with research lab Mitre last week. (The Register)
@ Industry
📍 Palantir has been developing a new tool for U.S. Immigration and Customs Enforcement that helps detect the physical location of people marked for deportation. (404 Media)
🤖 OpenAI's new o3 and o4-mini models appear to hallucinate more often than older models, according to the company's own internal testing. (TechCrunch)
💸 AuthMind, an identity protection startup, raised $19.3 million in seed funding led by Cheyenne Ventures. (Axios)
@ Hackers and hacks
📲 Apple released a set of software updates to patch two potential zero-day vulnerabilities in iOS. (TechCrunch)
⚠️ The FBI warned that scammers are now posing as employees in its Internet Crime Complaint Center. (BleepingComputer)
5. 1 fun thing
🐈⬛ Talk about an insider threat we can get behind.
- Sophie the cat — who appears to be a member of the Blue Collar Cats program in D.C., which hunts rats in the city — was found wandering around the White House lawn Friday.
- 😻 She joined the press corps for a bit until her owner was called to come pick her up from her day trip.
☀️ See y'all next week!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.





