Search

FBI Links Signal Phishing Attacks to Russian Intelligence Services

Cyber threats and incidents
By Evan Rowe

Related

Founders, Analysts & Industry Voices

CISO Whisperer/TVC Analyst Official Sales Leaders Rankings

The cybersecurity industry continues to experience one of the...
Read more
Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in Maryland

Maryland’s cybersecurity leadership bench is shaped by a distinctive...
Read more
Cyber threats and incidents

BuddyBoss Platform Compromised as Hundreds of Websites Are Hacked

What happened BuddyBoss platform compromised as hundreds of websites were...
Read more
Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in New Jersey

New Jersey’s cybersecurity leadership bench reflects the state’s unusual...
Read more
Cyber threats and incidents

QualDerm Data Breach Exposes Information of 3.1 Million People Across 17 States

What happened A QualDerm data breach exposed information of 3.1...
Read more

Share

What happened

The FBI issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. According to the FBI, the attacks do not break end-to-end encryption but instead hijack accounts by tricking victims into sharing verification codes or scanning malicious QR codes that link their accounts to attacker-controlled devices. The agency said the activity primarily targets individuals with access to sensitive information, including current and former U.S. government officials, military personnel, political figures, and journalists. The campaigns have already affected thousands of accounts worldwide and are being used to monitor communications, impersonate victims, and launch additional phishing attacks from trusted accounts. 

Who is affected

Users of Signal, WhatsApp, and similar commercial messaging apps are affected, particularly individuals of high intelligence value such as government officials, military personnel, political figures, and journalists. 

Why CISOs should care

The campaign shows how attackers can bypass the practical protections of encrypted messaging platforms through account hijacking, allowing them to access private communications, steal contact lists, and impersonate trusted users without exploiting a software vulnerability. 

3 practical actions

  1. Warn users against sharing verification codes. The FBI said victims are commonly tricked into giving attackers the codes needed to register or link messaging accounts. 
  2. Train users to avoid malicious QR code linking. The campaigns frequently use QR codes to silently connect attacker-controlled devices to victim accounts. 
  3. Monitor for account hijacking indicators. Unauthorized linked devices, suspicious support impersonation messages, and unexpected account actions may signal compromise.

For more coverage of major incidents and threat activity, explore our reporting on Cyberattacks.

Previous article
Microsoft Azure Monitor Alerts Abused in Callback Phishing Campaigns
Next article
Police Take Down 373,000 Fake CSAM Sites in Operation Alice
Founders, Analysts & Industry Voices

CISO Whisperer/TVC Analyst Official Sales Leaders Rankings

The cybersecurity industry continues to experience one of the...
Founders, Analysts & Industry Voices

Female Cybersecurity Leaders to Watch in Maryland

Maryland’s cybersecurity leadership bench is shaped by a distinctive...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.