Russian Intelligence Uses Signal Impersonation in Sophisticated Phishing Campaign

Privacy Reporter

FBI and CISA warn of Russian intelligence posing as Signal support to compromise high-value accounts through phishing attacks targeting former officials, military figures, and journalists.

Russian intelligence-affiliated actors are impersonating Signal customer support services to conduct sophisticated phishing attacks that have compromised thousands of accounts belonging to high-value targets, according to a joint warning from the FBI and Cybersecurity and Infrastructure Security Agency (CISA).

The attackers are specifically targeting individuals with intelligence value, including former government officials, military personnel, politicians, and journalists. By posing as Signal support, they send messages warning recipients about "suspicious activity" on their accounts and urge them to click verification links.

Once victims click these links, the attackers can either connect their own accounts to the victim's account or take over the account completely if the user submits credentials or two-factor authentication codes. This allows the Russians to read and send messages and to gather information from contact lists.

While Signal remains a highly secure messaging platform with robust end-to-end encryption, the FBI and CISA emphasize that even the best encryption cannot protect users who voluntarily provide their credentials to attackers. The agencies have issued standard anti-phishing recommendations, advising users to verify the authenticity of any unexpected account-related messages and never to click suspicious links or provide authentication codes.

This campaign represents a concerning evolution in phishing tactics, as attackers exploit the trust users place in legitimate customer support channels. The targeting of journalists and former officials suggests intelligence-gathering objectives rather than purely financial motives.

The Signal impersonation campaign is part of a broader pattern of Russian cyber operations targeting Western institutions and individuals. Similar tactics have been observed across various platforms, with attackers continuously adapting their methods to exploit user trust and platform features.

For Signal users, the key takeaway is that no amount of technical security can compensate for human error. Users should treat any unsolicited account security messages with extreme skepticism, even if they appear to come from legitimate sources. When in doubt, users should contact the service provider directly through official channels rather than responding to unexpected messages.

This incident underscores the ongoing challenge of balancing user convenience with security in messaging platforms. While Signal's encryption protects message content from interception, social engineering attacks like these demonstrate that the human element remains the weakest link in many security systems.

The FBI and CISA continue to monitor these activities and work with technology companies to identify and mitigate such threats. Users who believe they may have fallen victim to these impersonation attacks are advised to immediately change their passwords and enable additional security measures where available.
