Russian hackers go after high-value targets through Signal

Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of intelligence interest, including government personnel, journalists, and others with access to sensitive communications.

The campaign is believed to have compromised thousands of commercial messaging application accounts.

People who use these applications can develop a false sense of security, believing they are protected from hacking. Criminals exploit this through phishing to gain access, rather than targeting the applications or their encryption directly.

Two years ago, CISA advised highly targeted individuals, including senior government officials and politicians, to secure their smartphones and use Signal or similar apps for sensitive communications.

“While encryption remains effective, phishing allows malicious actors to bypass it by gaining access to user accounts,” authorities warn.

Dutch and German security authorities were among the first to identify attempts against Signal and WhatsApp.

The scheme centers on Signal’s “linked devices” feature. Attackers contact targets while posing as trusted entities, including support teams or known contacts.

Victims are then prompted to scan a QR code or approve a device link request. Once approved, the attacker’s device is linked to the account, allowing messages to be read as they are sent and received.

In other cases, attackers move to take over the account. They persuade users to share one-time verification codes or PINs, often framed as a security step. With those details, the account is registered on a new device and the original user is locked out.

“As the campaign evolves, actors may use additional techniques, such as malware to infect the victim,” the FBI said in a statement.

Authorities urge users of commercial messaging applications to remain vigilant for phishing activity and follow basic cyber hygiene practices. They also advise caution when sharing or discussing sensitive information on these platforms.

The FBI and CISA issued guidance to help users identify suspicious messages and protect against malicious cyber activity.
