Russian intelligence-linked hackers are actively compromising Signal and WhatsApp accounts used by U.S. government officials, military personnel, politicians, and journalists, according to warnings from the FBI and cybersecurity agencies. This isn’t just random hacking; it’s a coordinated campaign to gain access to sensitive communications by exploiting a basic but effective phishing technique.
How the Attacks Work: Impersonating Support
The attackers pose as legitimate support accounts on Signal and WhatsApp, sending messages that falsely claim suspicious login activity. Victims are then tricked into sharing verification codes or PINs, which immediately grants the hackers full control over the compromised accounts. Once inside, the hackers can impersonate the victim, send further phishing links to their contacts, and potentially escalate the attacks.
“User vigilance is ultimately the best defence against phishing,” Signal wrote in response to the attacks.
Why These Apps? The Appeal of Secure Channels
The choice of Signal and WhatsApp is deliberate. Both platforms are known for end-to-end encryption, making them popular among officials who require secure communication. Russia’s interest in Signal, as noted by Dutch intelligence services, stems from the app’s reputation as a reliable and independent channel, which makes it a high-value target for surveillance.
What Agencies Are Saying: Coordinated Warnings
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement last week warning of this scheme. Similar alerts have also been released by agencies in Portugal, the Netherlands, and France, indicating a widespread, coordinated effort to infiltrate secure messaging channels. Despite these attacks, Signal has affirmed that its infrastructure remains uncompromised.
How to Protect Yourself: Simple Steps
The agencies recommend treating unsolicited messages with extreme suspicion. Block and report any unknown sender immediately. Enable all available security features within the messaging apps, including two-factor authentication where possible. Never share verification codes or PINs in response to unsolicited requests, even if they appear to come from official support.
This type of phishing campaign highlights a growing trend: even end-to-end encrypted platforms are vulnerable if users fall for social engineering, because encryption does not help once the account holder hands over a verification code or PIN. The attacks underscore the importance of constant vigilance and skepticism toward unsolicited messages.