The FBI and CISA have issued a stark warning regarding sophisticated phishing campaigns orchestrated by Russian intelligence-linked hackers. These attacks specifically target users of popular messaging applications like Signal and WhatsApp, aiming to compromise accounts of individuals with high intelligence value. Thousands of accounts have reportedly been accessed globally through these social engineering tactics, bypassing the platforms' robust encryption.

Key Takeaways

• Russian-linked hackers are targeting Signal and WhatsApp users.

• The attacks aim to compromise accounts of high-value individuals, including government officials and journalists.

• Thousands of accounts have already been compromised globally.

• The method involves social engineering and phishing, not exploiting platform vulnerabilities.

The Threat Landscape

Cyber actors affiliated with Russian Intelligence Services are actively engaged in phishing campaigns designed to gain unauthorized access to commercial messaging applications (CMAs) such as WhatsApp and Signal. The primary targets are individuals deemed to have "high intelligence value," a category that includes current and former U.S. government officials, military personnel, political figures, and journalists. These campaigns have already resulted in unauthorized access to thousands of individual accounts worldwide.

How the Attacks Work

These phishing attacks do not exploit any security vulnerabilities within the messaging platforms themselves. Instead, they rely on social engineering tactics to trick users. Attackers often impersonate "Signal Support" or other trusted entities, sending messages designed to create a false sense of urgency. These messages typically claim suspicious account activity or unrecognized login attempts have been detected, prompting the victim to click a link or provide sensitive information.

There are two main outcomes when a victim falls for the scam:

• Providing PIN or Verification Code: If a user shares their PIN or verification code, they lose access to their account. While past messages aren't accessible, the attacker can monitor new messages and send communications impersonating the victim.

• Clicking a Link or Scanning a QR Code: This action links a device controlled by the threat actor to the victim's account, granting them access to all messages, past and present. The victim may retain access unless they manually remove the linked device.

Protecting Yourself

To mitigate the risk of falling victim to these phishing attempts, users are strongly advised to:

• Never share SMS codes or verification PINs with anyone.

• Exercise caution with unexpected messages, even from known contacts.

• Scrutinize links before clicking them and avoid suspicious attachments.

• Periodically review linked devices in app settings and remove any that appear unauthorized.

• Remember that legitimate support services will never ask for verification codes or PINs via direct message or social media.

Signal itself has emphasized that its SMS verification code is only needed during initial app setup, and their support will never request this information. The FBI and CISA recommend reporting any suspected phishing scams to the Internet Crime Complaint Center (IC3) or a local FBI field office.

Sources

• FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks, The Hacker News.

• Russian hackers targeting US officials and journalists on Signal – have accessed ‘thousands’ of accounts, FBIwarns, AOL.com.

• Russian hackers are targeting Signal and WhatsApp users., CyberWire.

• FBI sends 'Russian warning' to Americans; says: Hackers linked to Russia are targeting you on ..., The Times of India.

• Breach Roundup: Russian State Actors Target Signal, WhatsApp, BankInfoSecurity.