Additional Coverage:
- FBI warns Russian hackers targeting Americans on Signal; thousands of accounts compromised (foxnews.com)
FBI and Cybersecurity Officials Issue Urgent Warning: Russian Hackers Targeting Popular Messaging Apps, Including Signal
NATIONAL ALERT – Federal authorities are sounding the alarm over a sophisticated global cyber campaign, allegedly orchestrated by Russian intelligence-linked hackers, that is actively compromising users of popular commercial messaging applications, including Signal. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning, revealing that thousands of accounts have already been breached, allowing attackers to access private messages, steal contact lists, and impersonate victims.
FBI Director Kash Patel emphasized the gravity of the situation, stating that individuals of “high intelligence value” are specifically being targeted. This includes current and former U.S. government officials, military personnel, and journalists. The primary concern is that compromised accounts can then be exploited to further spread phishing attacks, leveraging a trusted identity to ensnare more victims.
“This global campaign has resulted in unauthorized access to thousands of individual CMA accounts,” the agencies stated in their public service announcement. “After compromising an account, malicious actors can view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA accounts.”
Officials clarified that while Russian Intelligence Services (RIS) actors are behind these attacks, they have not managed to break the encryption of these commercial messaging applications (CMAs) themselves, nor have they compromised the applications’ core infrastructure. Instead, the hackers are relying on the age-old, yet remarkably effective, tactic of phishing.
“Phishing remains one of the most unsophisticated, yet effective means of cyber compromise, often rendering other protections irrelevant, including end-to-end encryption,” the FBI and CISA highlighted.
The modus operandi of these cybercriminals often involves impersonating messaging app support or sending deceptive security alerts designed to create a sense of urgency. These fake notifications prompt users to click on malicious links or divulge sensitive information such as verification codes or PINs. If a user falls prey to these tactics, attackers can then link their own device to the victim’s account or take complete control, enabling them to monitor private conversations and send messages as the victim.
Patel reiterated the potential for these compromised accounts to become launchpads for further malicious activity, warning that actors can “conduct additional phishing from a trusted identity.”
Users who suspect they may have been targeted are strongly encouraged to report incidents to the FBI’s Internet Crime Complaint Center.
While the joint PSA explicitly links these “cyber actors” to Russian Intelligence Services, further specific details regarding this connection were not provided. Neither Signal nor the FBI offered additional comments in response to inquiries.