FBI and CISA Issue Urgent Warning on Russian Hackers Targeting Americans via Messaging Apps
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a critical public service advisory, alerting Americans to a sophisticated cyber threat. According to the advisory, hackers associated with Russian Intelligence Services (RIS) are actively targeting users of commercial messaging applications (CMAs), with a particular focus on platforms like Signal.
Scope and Targets of the Cyber Campaign
This global hacking campaign has already resulted in the compromise of thousands of individual accounts. The attackers are specifically aiming at individuals deemed to have high intelligence value, including:
- Current and former U.S. government officials
- Military personnel
- Political figures
- Journalists
While the encryption systems of the messaging apps themselves remain intact and unbreached, the hackers are employing deceptive tactics to bypass user-level security protections. They impersonate trusted contacts or mimic automated support prompts to trick victims into sharing authentication codes, PINs, or clicking on malicious links.
How the Attack Works
The RIS actors execute their campaigns through sophisticated phishing methods. They send tailored messages that appear to come from legitimate CMA support accounts, urging users to take actions such as:
- Clicking on suspicious links
- Providing verification codes
- Sharing account PINs
If a user complies, the attackers gain unauthorized access to the account, either by adding their device as a linked device or through a complete account takeover. Once inside, they can view private messages, access contact lists, send messages, and launch further phishing attacks against other accounts.
Response and Previous Alerts
This warning follows a similar alert issued earlier this month by Dutch intelligence officials, who reported that Russian-backed hackers were targeting WhatsApp and Signal accounts on a global scale. In response to these concerns, Signal confirmed to Reuters that the attacks were carried out via phishing campaigns and emphasized that its encryption and infrastructure had not been compromised.
The FBI and CISA advisory underscores that phishing remains a highly effective method of cyber compromise, often rendering other protections, including end-to-end encryption, irrelevant by directly targeting user accounts.
Recommendations for Protection
To safeguard against these threats, the agencies have provided detailed guidance for CMA users:
- Pause and Verify: If a message feels suspicious, stop all interaction immediately. Never share PINs, passwords, or two-factor authentication codes for actions you did not initiate.
- Treat Unknown Messages with Caution: Be wary of unexpected messages, including messages from known contacts that make unusual requests. Block and report such attempts, and verify through alternate communication methods if needed.
- Scrutinize Links and Files: Inspect all links and attachments before clicking or opening them to avoid malware installation or unauthorized access.
- Monitor Group Chats: Regularly check participant lists for duplicates or fake accounts, and verify authenticity through secure external communication.
- Utilize Security Features: Enable available security settings, such as message expiration features, and stay informed about app updates.
- Report Incidents: Alert organizational security teams, report to the Internet Crime Complaint Center (IC3) or local FBI offices, and notify authorities in cases of financial or identity fraud.
- Interact Safely with Support: Remember that legitimate CMA support services will not request verification codes via direct messages or send links to verify accounts—always go directly to official websites or apps.
This advisory highlights the ongoing cyber threats from state-sponsored actors and the importance of vigilance in digital communications. Users are urged to adopt robust cyber hygiene practices to protect their personal and professional information from such sophisticated attacks.



