Russian-linked hackers phishing Signal users, other apps to hijack accounts, FBI warns


U.S. officials are warning of a sweeping cyber campaign linked to Russian intelligence services that is targeting users of popular encrypted messaging applications, including Signal, in an effort to gain access to sensitive communications.

According to a joint public service announcement from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), the campaign focuses on individuals deemed to have “high intelligence value,” including current and former U.S. government officials, military personnel, political figures and journalists. The activity has already led to unauthorized access to thousands of accounts worldwide.

FBI Director Kash Patel highlighted the threat in a public statement, emphasizing that the vulnerability lies not within the apps themselves, but in how users respond to increasingly sophisticated phishing attempts.

Officials said the attackers are not breaking encryption. Instead, they are exploiting human behavior. The actors rely on social engineering tactics to trick users into granting access, effectively bypassing traditional security protections.

Once inside an account, hackers can read messages, access contact lists, impersonate the victim and launch additional phishing attacks from what appears to be a trusted source. This can quickly expand the scope of the breach, allowing attackers to compromise multiple accounts in a chain reaction.

Investigators have identified two primary methods used in the campaign. The first involves abusing “linked device” features. In this scenario, attackers impersonate a trusted contact and send a malicious link or QR code. If the victim interacts with it, the attacker can link their own device to the victim’s account, gaining ongoing access without immediately locking the user out.

The second method is a full account takeover. Victims receive messages posing as official support notifications, urging them to share verification codes or two-factor authentication (2FA) credentials. Once those details are handed over, attackers can seize control of the account entirely.

These phishing messages often mimic legitimate security alerts, warning users of suspicious login attempts or urging them to complete a “verification” process. In reality, the messages are designed to create urgency and override skepticism.

Despite the technical sophistication of encrypted messaging platforms, officials stress that phishing remains one of the most effective forms of cyberattack because it targets individuals directly.

The agencies said the campaign does not compromise encryption itself, but instead targets individual user accounts through phishing.

Authorities are urging users to adopt stronger cyber hygiene practices, including never sharing verification codes, scrutinizing unexpected messages and verifying requests through separate communication channels. Users should also review account settings regularly, enable security features and report suspected incidents promptly.

The FBI recommends reporting compromises to the Internet Crime Complaint Center (IC3) or contacting a local field office.

As the campaign evolves, officials warn that attackers may incorporate additional tactics, including malware, making vigilance critical.
