GoKawiilThe FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts.
The FBI's PSA is the first public attribution linking these campaigns directly to Russian intelligence services, rather than a broader description of just state hackers.
According to the FBI, the campaigns are designed to bypass the protections of end-to-end encryption in commercial messaging apps (CMAs), not by breaking encryption, but through account hijacks.
The FBI says the techniques used in these attacks can be applied to multiple CMAs but predominantly target Signal users.
Depending on the access they obtain, attackers can read private messages and contact lists, impersonate victims, and launch additional phishing campaigns as trusted people.
The FBI says the attacks have affected "thousands" of accounts worldwide and primarily target those with access to sensitive information.
"The activity targets individuals of high intelligence value, such as current and former U.S. government officials, military personnel, political figures, and journalists," reads the FBI's PSA.
The FBI's attribution comes after earlier advisories from Dutch and French cybersecurity authorities that described similar account-hijacking operations.
Earlier this month, Dutch intelligence agencies warned that state-backed attackers were targeting Signal and WhatsApp users in phishing campaigns aimed at gaining access to secure communications.
The advisory highlighted that the attacks relied on tricking users into allowing attackers to add the account to their devices or link attacker-controlled devices to the account.
... continue reading