Russian intelligence-linked threat actors are conducting large-scale phishing campaigns targeting Signal and WhatsApp users, including government officials and journalists, to gain unauthorized account access through social engineering.
The FBI and CISA have issued a joint warning about ongoing phishing campaigns targeting popular messaging apps like Signal and WhatsApp. These attacks, attributed to Russian intelligence-linked threat actors, aim to compromise accounts belonging to individuals with high intelligence value, including current and former U.S. government officials, military personnel, political figures, and journalists.

According to FBI Director Kash Patel, the campaign has already resulted in unauthorized access to thousands of individual accounts globally. Once compromised, attackers can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity.
The attacks exploit social engineering rather than technical vulnerabilities in the messaging platforms' encryption. Threat actors pose as "Signal Support" or similar trusted entities, approaching targets through in-app messages, SMS, or social media. They then attempt to trick victims into clicking malicious links, scanning QR codes, or providing PINs and verification codes.
There are two primary attack methods:
- PIN/Verification Code Method: Victims provide their code to attackers, who use it to recover the account on their device. While past messages remain inaccessible, attackers can monitor new messages and impersonate the victim.
- Link/QR Code Method: Victims click a link or scan a QR code, linking the attacker's device to their account. This grants access to all messages, including historical conversations, while the victim retains account access unless explicitly removed.
Prior reports from Microsoft and Google Threat Intelligence Group have linked similar campaigns to Russian-aligned threat clusters including Star Blizzard, UNC5792 (UAC-0195), and UNC4221 (UAC-0185). The French Cyber Crisis Coordination Center (C4) has also reported a surge in attacks targeting government officials, journalists, and business leaders through instant messaging accounts.
To protect against these threats, users should:
- Never share SMS codes or verification PINs with anyone
- Exercise caution with unexpected messages from unknown contacts
- Verify links before clicking
- Periodically review and remove suspicious linked devices
- Remember that legitimate support services will never ask for verification codes
Signal has emphasized that its SMS verification code is only needed during initial app setup, and that Signal Support will never initiate contact to request codes or PINs. The company warns that any request for Signal-related codes is a scam.
These phishing campaigns demonstrate how social engineering remains a potent threat vector, even against platforms with strong encryption. By exploiting human trust rather than technical weaknesses, attackers can bypass the very protections these messaging apps are designed to provide.
