The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning that Russian intelligence-linked hackers are targeting users of the encrypted messaging app Signal through phishing attacks, compromising thousands of accounts worldwide. FBI Director Kash Patel said the campaign focuses on individuals of “high intelligence value,” including U.S. government officials, military personnel, journalists, and political figures.
Scope and Method of the Campaign
The agencies reported that attackers gain access to commercial messaging app (CMA) accounts by tricking users with fake security alerts and phishing messages that prompt victims to click malicious links or share verification codes. Once an account is compromised, hackers can read private messages, access contact lists, impersonate the victims, and use the trusted identity to launch further phishing attacks on others.
According to the FBI and CISA, while individual accounts have been compromised, the messaging apps’ encryption protocols, including Signal’s end-to-end encryption, have not been broken or directly targeted.
Targeted Victims and Risks
The campaign aims at people considered valuable for intelligence gathering or influence campaigns. Director Patel highlighted that U.S. officials and military personnel are among those impacted. The hackers’ ability to send messages from compromised accounts allows them to expand their reach and increase the risk of additional intrusions.
The FBI advises users suspicious of hacking attempts or phishing campaigns related to messaging apps to report incidents through the FBI’s Internet Crime Complaint Center.
Official Responses and Ongoing Concerns
Neither Signal nor the FBI provided additional comments beyond the joint public service announcement. The warning underscores the effectiveness of phishing as an attack vector, even when strong encryption protects the underlying communications.
Users are urged to remain vigilant against unsolicited messages that create urgency or prompt sharing of verification information to reduce the likelihood of such account compromises.
For more stories on this topic, visit our category page.
