Russian Hackers Target Messaging App Users

Cybercriminals linked to Russian intelligence are conducting a broad global campaign against users of popular messaging apps, such as Signal. This alarming activity involves accessing private messages and impersonating victims, as revealed in a joint warning by the FBI and U.S. cybersecurity officials, including FBI Director Kash Patel.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) noted that this operation has already compromised thousands of individual accounts on commercial messaging apps. This breach enables attackers to read private messages, access contact lists, and send messages as if they were the victims.

Patel emphasized that the campaign is primarily targeting individuals of “high intelligence value,” which includes U.S. government officials, military personnel, and journalists. The situation is concerning since it has led to a widespread compromise of these accounts.

He cautioned that attackers could leverage these compromised accounts to impersonate the victims, using their trusted identity to deceive and target others.

“This global campaign has led to unauthorized access to numerous CMA accounts,” said the agency in their statement. “Once an account is compromised, an attacker can view the victim’s messages and contact list, send messages, and conduct phishing attempts on additional accounts.”

Officials suspect that the operation is tied to individuals associated with Russian intelligence and is aimed at targets who are deemed to hold significant intelligence value. This includes current and former U.S. officials, military personnel, and journalists.

Importantly, the FBI and CISA clarified that while attackers compromised individual accounts, they did not breach the encryption of the CMA itself. The tactic relied heavily on tricking users via phishing schemes, rather than breaking into the encryption protocols of apps like Signal.

“Phishing remains a straightforward but remarkably effective approach to cyber-attacks, often rendering other protective measures useless,” the agencies noted.

Officials pointed out hackers often pretend to be customer support from messaging apps or send fake security alerts. This creates a sense of urgency, tricking users into clicking malicious links or disclosing verification codes or PINs. Should users comply, attackers could link their device to the compromised account or take complete control. This would allow them to oversee private conversations and impersonate the victim.

Patel warned that access to these accounts could enable cybercriminals to engage in further phishing operations. “An attacker who gains access can view messages and contact lists, send messages as the victim, and conduct more phishing from a trusted identity,” he said.

The PSA advised users who suspect they have been targeted to report the incident to the FBI’s Internet Crime Complaint Center.

The connection to “cyber actors” associated with Russian intelligence services was not elaborated upon in the agencies’ announcement. Signal has yet to respond to requests for comment, and the FBI did not provide additional information.