Cyber Actors Linked to Russia Targeting Users of Messaging Apps, FBI Says

U.S. intelligence officials warned the public on March 20 about a Russia-linked cyber campaign targeting users of popular encrypted messaging apps, such as Signal, to access the private conversations of officials and journalists.

“Globally, this effort has resulted in unauthorized access to thousands of individual accounts,” FBI Director Kash Patel posted on X.

The weakness is not with the messaging applications but with the user, according to the FBI.

Cyber actors use two schemes to access users. One involves the hacker contacting the victim and sending them a malicious link or QR code. The victim clicks the link, which allows the hacker to link to their messaging account and gain access.

The second way the cyber actor can gain access is by sending a message to the victim and asking them for a PIN or 2FA code. The victim gives the hacker a code and then loses access to their account.

“If the user performs any of the requested actions, they unwittingly provide the actors with unauthorized access to their account either by adding the attacker’s device as a linked device or through a full account takeover,” the FBI stated.

The FBI encourages anyone who may have fallen victim to the cyber campaign to file a complaint with the Internet Crime Complaint Center.

The global campaign has resulted in unauthorized access to thousands of personal messaging accounts, the FBI stated in an alert. Those targeted are mainly high-intelligence-value individuals, including current and former U.S. government officials, military personnel, political figures, and journalists.

Once inside the victim’s account, hackers can view messages and contact lists, send messages as the victim, impersonate the account holder, and conduct other phishing activities, according to the FBI.

Signal is a free messaging app that offers end-to-end encrypted texting, voice, group, and video calls. The company alerted users about the phishing attacks on March 9 in a series of X posts.

“We take this very seriously,” Signal stated. “To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information—SMS codes and/or Signal PIN—to gain access to users’ accounts.”

Signal reminded users that their SMS verification code is only ever needed when they first sign up for the app.

“If anyone asks for any Signal-related code, it is a scam,” Signal stated. “We make this clear when users receive their SMS code during initial signup.”

The warnings came after Dutch intelligence and security officials confirmed that their government employees had become victims of the cyber campaign earlier this month.

“Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel, and civil servants,” the General Intelligence and Security Service of the Netherlands stated.