The FBI (Federal Bureau of Investigation) and CISA (Cybersecurity and Infrastructure Security Agency) warn about ongoing phishing campaigns by hackers associated with the Russian Intelligence Services (RIS) targeting commercial messaging applications (CMAs), like Signal. This activity targets individuals from the current and former US government, officials, military personnel, political figures, and journalists.
FBI warns Russian hackers target Signal in a new phishing campaign
The FBI and CISA, in a statement, specifically mentioned Signal, but note that other CMAs are most likely targeted as well. The main goal of these campaigns is to bypass encryption to compromise individual user accounts. The campaign revolves around phishing and social engineering, where victims willingly share access. It does not exploit any security vulnerability of the apps.
RIS cyber actors reportedly send phishing messages masquerading as automated CMA support accounts. Attackers send such messages in a way that they create a false sense of urgency. It could be something like suspicious account activity or login attempts from an unrecognized device or locations have been detected. They deceive targets into taking an action, such as clicking a link or providing verification codes or account PINs.
If the target goes ahead and performs any of these actions, they unintentionally provide the threat actors with unauthorized access to their account, either by adding the attacker’s device as a linked device or through a full account takeover.
The campaign is already a success
Dutch authorities, earlier this month, published a similar warning. They also said that Russian hackers are targeting WhatsApp and Signal. Investigators from the Netherlands, at that time, said that the campaign was “large-scale” and “global,” linked to Russian state actors. The targets in this case were military personnel, dignitaries, and civil servants.
The General Intelligence and Security Service (AIVD), the Netherlands’ primary civilian intelligence and security agency, notes that the campaign is already a success. “The Russian hackers likely gained access to sensitive information through this campaign,” it said. However, the agency did not reveal whether the attackers accessed it from Dutch targets or someone else.
On X, FBI Director Kash Patel also echoed these warnings. “Globally, this effort has resulted in unauthorized access to thousands of individual accounts. After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity,” he said.
Similar alerts
There has been a similar alert from the Cyber Crisis Coordination Center (C4), part of the National Cybersecurity Agency of France (ANSSI). They also warned of a surge in attack campaigns targeting instant messaging accounts linked with government officials, business leaders, and journalists. These attacks can allow malicious actors to access conversation histories or even take control of victims’ messaging accounts.
The goal of these campaigns is for threat actors to gain unauthorized access to victims’ accounts. This would allow them to view messages and contact lists, send messages on their behalf, and perform secondary phishing against other targets. A sensible way to stay clear of these attacks is to never share an SMS code or verification PIN with anyone. Stay cautious when receiving messages from unknown contacts, especially if the message contains any links.
The post Is Your Signal Account Safe? FBI Warns About Russian Phishing Campaign appeared first on Android Headlines.
