U.S. officials warn of a Russian intelligence-linked cyber campaign targeting Signal users to access sensitive communications.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Friday warned that cyber actors linked to Russian intelligence services are targeting commercial messaging app accounts in a phishing operation that has already led to unauthorized access to thousands of accounts worldwide.
According to the joint public service announcement, once an account is breached, the attackers can read messages, access contact lists, send messages from the victim’s account, and use that access to go after other users. The agencies said reporting has specifically identified Signal accounts among the targets, though similar tactics could be used against other messaging platforms.
The agencies said that phishing messages that look like they came from automated support accounts in a messaging app are often the first step in the process. The point of those messages is to get people to click on a link, share a code to verify their identity, or give up their account PIN. The statement said that if a target does that, the attackers might be able to connect their own device to the account or take full control of it.
Phishing messages that appear to be from automated support accounts in a messaging app are frequently the initial step in the process, according to the agencies. The purpose of those messages is to persuade recipients to provide their account PIN, click on a link, or share a code to confirm their identity. According to the statement, if a target does that, the attackers may be able to take complete control of the account or connect their own device to it.
Officials also warned that the operation could expand beyond phishing. As it develops, the agencies said, attackers may also use malware to infect victims.
The advisory said phishing remains one of the simplest and most effective ways to break into accounts, even when end-to-end encryption is in place. The agencies said encryption still works, but attackers can get around it by gaining access to a user’s account directly.
The FBI and CISA told people to be careful of messages from people they don’t know, to take their time if a message seems strange, and to never give out their PINs or two-factor authentication codes for actions they didn’t start. The rules also tell people to use the security features that their messaging apps offer, check group chats for fake or duplicate accounts, and look over links and attachments before opening them.
The agencies said legitimate support services usually communicate through official email addresses and do not send direct messages inside an app asking users to verify or restore accounts through a link. Users who suspect a phishing attempt were told to alert their organization’s security team or IT department and report the incident to IC3 or a local FBI field office.
FBI and CISA said users who strengthen their account security and stay alert to social engineering tactics can reduce the risk of compromise.
A global media for the latest news, entertainment, music fashion, and more.
