
FBI: Russian hackers now target Signal backup recovery keys

Why This Matters

The FBI and CISA have issued a warning about Russian state-sponsored hackers targeting Signal users to steal backup recovery keys through sophisticated phishing campaigns. This evolution in tactics increases the risk of unauthorized access to sensitive communications for high-value individuals, highlighting the ongoing threat to secure messaging platforms and national security. It underscores the importance for users to remain vigilant against evolving cyber threats and phishing schemes in the digital age.

Key Takeaways

The FBI and CISA are warning that a phishing campaign tied to Russian intelligence services and targeting Signal users has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages.

The public service announcement updates a March 2026 advisory that warned the threat actors were targeting users of commercial messaging applications, particularly Signal, through phishing campaigns designed to hijack accounts rather than break end-to-end encryption.

"RIS cyber threat actors continue to masquerade as automated CMA support accounts in updated phishing messages but have evolved their tactics to attempt to elicit victims' Backup Recovery Keys," warns an FBI PSA published today.

According to the FBI, the campaign continues to target individuals of high intelligence value, including current and former US and international government officials, military personnel, political figures, journalists, and key officials located in Ukraine.

The agencies attribute the activity to Russian Intelligence Services (RIS), including officers embedded with Russia's Federal Security Service (FSB) Border Guards and other actors working on behalf of the Russian military. The campaign is publicly tracked as UNC5792 and UNC4221.

New phishing tactic targets Signal backups

While the original advisory focused on phishing messages that attempted to steal verification codes or account PINs, or to trick users into linking attacker-controlled devices to their Signal accounts, the updated alert says the attackers have evolved their tactics.

The FBI says the threat actors continue to impersonate Signal support teams, sending phishing messages that falsely claim Signal is introducing mandatory two-factor verification following an alleged wave of attacks by hackers from Iran and post-Soviet countries.

"Recently, attempts to hack users of our messenger with the connection of third-party devices to the account have become more frequent," reads the initial phishing message.

"An investigation conducted jointly with the US government and European partners revealed that the attacks on accounts were carried out by hackers from Iran and post-Soviet countries. In this regard, Signal updates Terms of Service & Privacy Policy, and introduces Mandatory Two-factor Verification for users."
