FBI Links Signal Phishing Attacks to Russian Intelligence Services

What happened

The FBI issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. According to the FBI, the attacks do not break end-to-end encryption but instead hijack accounts by tricking victims into sharing verification codes or scanning malicious QR codes that link their accounts to attacker-controlled devices. The agency said the activity primarily targets individuals with access to sensitive information, including current and former U.S. government officials, military personnel, political figures, and journalists. The campaigns have already affected thousands of accounts worldwide and are being used to monitor communications, impersonate victims, and launch additional phishing attacks from trusted accounts. 

Who is affected

Users of Signal, WhatsApp, and similar commercial messaging apps are affected, particularly individuals of high intelligence value such as government officials, military personnel, political figures, and journalists. 

Why CISOs should care

The campaign shows how attackers can bypass the practical protections of encrypted messaging platforms through account hijacking, allowing them to access private communications, steal contact lists, and impersonate trusted users without exploiting a software vulnerability. 

3 practical actions

1. Warn users against sharing verification codes. The FBI said victims are commonly tricked into giving attackers the codes needed to register or link messaging accounts. 
2. Train users to avoid malicious QR code linking. The campaigns frequently use QR codes to silently connect attacker-controlled devices to victim accounts. 
3. Monitor for account hijacking indicators. Unauthorized linked devices, suspicious support impersonation messages, and unexpected account actions may signal compromise.

For more coverage of major incidents and threat activity, explore our reporting on Cyberattacks.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  Control Systems and Consequence: The CISOs Securing Industrial Automation
• John Kevin Hao

  Policies, Premiums, and Protection: The CISOs Securing America’s Insurance Sector
• John Kevin Hao

  Hackers Use GoogleErrorReport Scheduled Task for Persistence in Dropping Elephant Campaign
• John Kevin Hao

  SolarWinds Appoints Justin Henkel as Chief Information Security Officer