alt Hacker News>signal-confirm[.]site is registered in Ukraine
The WHOIS is usually fake made up data so don't know why you are using that to claim it's registered in Ukraine. Russia is also known to use stolen credentials, SIM cards etc. from their neighbouring countries, including Ukraine, for things like this.
Then why should I trust the article at all? If WHOIS data is fake and stolen credentials are common (which I don't disagree with), I could register a domain, put your name on it, and make it look like you're behind the phishing. Would that make it true? After all, in war, deception is a legitimate tactic.