- FBI and CISA warn of Russian espionage campaign targeting messaging apps
- Phishing and social engineering used to hijack Signal and other CMA accounts
- Thousands of victim accounts compromised, including officials, military personnel and journalists.
The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) warn of an ongoing espionage campaign by Russian cyber spies.
In a joint Public Service Announcement (PSA) published late last week, the two agencies said that threat actors affiliated with the Russian Intelligence Services (RIS) are actively targeting commercial messaging applications (CMA). They specifically mentioned Signal, but emphasized that they will most likely target other CMAs as well.
The victims are mostly current and former US government officials, military personnel, political figures and journalists.
Article continues below.
Following the Dutch
The campaign does not revolve around “breaking” applications by abusing vulnerabilities or anything similar. Instead, it revolves around phishing and social engineering, where victims end up sharing access voluntarily.
“RIS cyber actors send phishing messages posing as automated CMA support accounts,” the public service announcement reads. “Actors tailor messages to trick targets into taking an action, such as clicking a link or providing verification codes or account PINs. If the user performs any of the requested actions, they unknowingly provide actors with unauthorized access to their account, either by adding the attacker’s device as a linked device or through a full account takeover.”
About two weeks ago, Dutch authorities issued a similar warning, saying that Russian spies were targeting not only Signal, but also WhatsApp. The General Intelligence and Security Service (AIVD), the Netherlands’ main civilian intelligence and security agency, said at the time that the campaign was “large-scale” and “global.” The targets were dignitaries, military personnel and public officials, including Dutch government employees.
AIVD believes the campaign is already a success: “Russian hackers likely gained access to sensitive information through this campaign,” it said, although it did not detail whether they accessed it from Dutch targets or someone else entirely.
In X, FBI Director Kash Patel echoed these warnings, saying the effort “resulted in unauthorized access to thousands of individual accounts.”
“After gaining access, actors can view messages and contact lists, send messages as a victim, and perform additional phishing from a trusted identity,” it warned.
Through Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
