- Russian intelligence targets Signal accounts of Ukraine-based officials
- They pose as Signal support services and ask users to send their backup recovery keys
- Using these keys, hackers can hijack the user’s account and any other accounts created with the same mobile phone number.
The FBI has warned that Russian intelligence services are posing as commercial messaging app support services to steal backup recovery keys belonging to high-value targets in the US military and government, Europe and Ukraine.
In a joint warning together with CISA and the Security Service of Ukraine (SSU), the FBI described the new phishing campaign that seeks to access messaging accounts to collect secret information.
Specifically, the FBI provided examples of phishing lures targeting users of the Signal messaging app. If hackers manage to lure a victim into sharing their backup recovery key, they can access the account’s message history, private and group messages, and take full control of the victim’s account.
Russian intelligence poses as Signal support services
In the FBI warning, phishing techniques are detailed in more detail. Russia’s Federal Security Service (FSB) targets US and European government officials, military personnel, political figures, journalists and key officials located in Ukraine.
The attackers send emails that appear to be automated Signal messages, asking users to activate backup of their messages using their backup recovery key. Victims receive fake instructions that instead send the backup recovery key to the attacker, who can then use the key to take over the victim’s account.
To establish urgency and confidence that the message is legitimate, the attackers framed the phishing message as a protection against recent hacking attempts by “Iran and post-Soviet countries.” In another sample message, the attacker’s message says that the victim’s account data “is at risk of permanent loss due to a synchronization issue.”
If a victim shares their unique backup recovery key, it allows the attacker to hijack their current Signal account along with any subsequent accounts created with the same phone number.
For users who may fear that their backup recovery key has been compromised, they are instructed to use Signal settings to create a new backup recovery key. This new key will override all previous backup recovery keys and prevent account takeover if the old key was leaked.
To avoid falling victim to phishing messages, there are several ways to stay safe:
- Support services will generally only communicate with users through an official company email address. Always carefully review communications coming from legitimate email address.
- Customer support will never ask you to provide your backup recovery key through the app.
- You will never be asked to verify or restore your account through an automated customer support message.
To further protect their Signal account, or other accounts, from phishing, users should consider the following:
- Use a passcode whenever possible. This will use your device’s built-in biometric verification methods to authenticate your login.
- Use phishing-resistant multi-factor authentication whenever possible
- Always verify that messages and emails are legitimate and that they use an official company email.
- Never give out your backup recovery keys unless you are actively trying to regain access to your account through a legitimate service.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
