
The FBI and CISA are warning that Russian intelligence-linked hackers are actively hijacking accounts on encrypted messaging apps through targeted phishing campaigns.
The activity has already compromised thousands of accounts worldwide, particularly among high-value political and military targets, as also reported recently by authorities in the Netherlands and Germany.
In a joint public service announcement, the agencies detailed an ongoing campaign attributed to cyber actors affiliated with Russian Intelligence Services. The operation focuses on compromising individual accounts on commercial messaging applications, rather than breaching the platforms themselves or weakening their encryption protocols.
According to the FBI, the campaign primarily targets individuals of intelligence interest, including current and former US government officials, military personnel, journalists, and political figures. Investigators note that while multiple messaging platforms may be affected, observed activity has shown a particular emphasis on Signal accounts, a widely used encrypted messaging app known for its strong privacy protections.

The attackers rely on social engineering techniques to gain access, impersonating official support channels or trusted contacts. Victims receive phishing messages designed to create urgency, often warning of suspicious login attempts or alleged security issues. These messages prompt users to click malicious links, scan QR codes, or share one-time verification codes and PINs.
Two primary attack methods have been identified. The first, dubbed “linked device feature abuse,” tricks users into authorizing an attacker-controlled device to access their account. This allows both the victim and the attacker to simultaneously read messages and monitor conversations. The second method involves full account takeover, where victims are deceived into sharing authentication credentials, resulting in complete loss of account access.

Once inside an account, the threat actors can harvest message histories, access contact lists, and expand their reach by sending further phishing messages to trusted contacts. This lateral spread significantly increases the campaign’s effectiveness, as messages appear to come from known and credible sources.
The FBI emphasizes that encryption remains intact and uncompromised in these cases. Instead, attackers circumvent these protections entirely by gaining legitimate access to user accounts.
The agencies also warn that tactics may evolve to include the deployment of malware, further increasing the risk to targeted individuals.
Signal, developed by the nonprofit Signal Foundation, is widely regarded as one of the most secure consumer messaging platforms, offering end-to-end encryption and minimal data retention. Its popularity among journalists, activists, and government officials makes it a high-value target for espionage campaigns. However, even the most secure platforms can be undermined if users are deceived into granting access.






