Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts.
Threat actors linked to Russian Intelligence Services are running phishing campaigns to hijack high-value accounts on messaging apps like WhatsApp and Signal, the FBI warns.
“The FBI has identified cyber actors associated with Russian Intelligence Services targeting users of commercial messaging applications, including Signal.” FBI Director Kash Patel wrote on X. “The campaign targets individuals of high intelligence value, including current and former U.S. government officials, military personnel, political figures, and journalists.”
Targets include government officials, military personnel, politicians, and journalists. The attackers do not break app encryption but instead use phishing to gain account access. The attacks have already compromised thousands of accounts worldwide. Once inside, attackers can read messages, access contacts, impersonate victims, and launch further phishing using trusted identities.
Attackers especially target Signal but use similar tactics across other platforms. Users who strengthen their security and stay alert to social engineering attempts can reduce the risk and limit the impact of these attacks.
EXPLORE MORE
Texas Children’s Hospital to create first-ever ‘detransition clinic’ in historic settlement
(LifeSiteNews) — In a historic settlement, the nation’s largest children’s hospital has…
DarkSword emerges as powerful iOS exploit tool in global attacks
DarkSword, a new iOS exploit kit, is used by multiple actors to…
Philadelphia Police Seek Public’s Help Locating Missing Person 56-Year-Old Alexandra Austin and Vehicle from the 35th District
Philadelphia Police Seek Public's Help Locating Missing Person 56-Year-Old Alexandra Austin and…
The war on Iran may become a turning point in the post-Cold War order — RT World News
The US and Israeli attack on Iran in February and their subsequent…
Bill would give Americans enlisted in Israeli army the same benefits as US soldiers
A bill introduced in the 118th Congress would grant U.S. citizens serving…
Venice Biennale jury locks out Russia, Israel
The judges have cited disputed war crimes charges against the countries’ leaders…
Russia-linked actors pose as messaging app support accounts and send phishing messages tailored to trick targets. They push users to click links or share verification codes or PINs. When victims comply, attackers gain access by linking their own device or taking over the account entirely. As the campaign evolves, they may also deploy malware to further compromise victims.
“If the user performs any of the requested actions, they unwittingly provide the actors with unauthorized access to their account either by adding the attacker’s device as a linked device or through a full account takeover.” reads a joint Public Service Announcement (PSA) published by CISA and the Federal Bureau of Investigation. “As the campaign evolves, actors may use additional techniques, such as malware to infect the victim.”
Phishing remains a simple but highly effective way to compromise accounts, bypassing protections like end-to-end encryption by targeting users directly. Attackers trick victims into sharing codes or clicking malicious links, gaining full account access.
Users should stay alert: pause if something feels off, never share PINs or 2FA codes, and treat unexpected messages with suspicion, even from known contacts. Always check links before clicking, verify group members, and use built-in security features.
Report suspicious activity quickly to security teams or authorities. Remember, legitimate app support will never ask for codes or send links to “verify” accounts, always use official channels.
Recently, Dutch intelligence agencies (MIVD and AIVD) also warned of a global campaign by Russia-linked threat actors aiming to compromise Signal and WhatsApp accounts. The operation targets government officials, civil servants, and military personnel, highlighting growing cyber risks to sensitive communications among national security actors.
Russian cyber spies are tricking users into revealing verification codes to hijack Signal and WhatsApp accounts. They impersonate Signal Support or exploit the “linked devices” feature, gaining access to messages and chat groups, potentially exposing sensitive information from government and military targets.
Dutch intelligence warned that Russia targets Signal for its strong end-to-end encryption, aiming to access sensitive government communications. Officials stressed that apps like Signal and WhatsApp should not be used for classified or confidential information.
The government experts pointed out that attackers don’t exploit app vulnerabilities but abuse legitimate features of Signal and WhatsApp. Only individual accounts are targeted, not the platforms themselves, officials say.
