- FBI and CISA warn of Russian spying campaign targeting messaging apps
- Phishing and social engineering used to hijack Signal and other CMA accounts
- Thousands of victim accounts compromised, including officials, military and journalists
The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) are warning of an ongoing espionage campaign by Russian cyberspies.
In a joint public service announcement (PSA) released late last week, the two agencies said that threat actors affiliated with Russian Intelligence Services (RIS) are actively targeting Commercial Messaging Applications (CMA). They specifically mentioned Signal, but pointed out that other CMAs are most likely targeted as well.
The victims are mostly current and former US government officials, military personnel, political figures and journalists.
Article continues below
Following the Dutch
The campaign is not intended to “break” applications by abusing vulnerabilities, or otherwise. Instead, it’s phishing and social engineering, where victims end up willingly sharing access.
“RIS cyber actors send phishing messages impersonating CMA automated support accounts,” the PSA reads. “The actors tailor messages to trick targets into taking an action, such as clicking a link or providing verification codes or account PINs. If the user performs one of the requested actions, they unwittingly provide the actors with unauthorized access to their account, either by adding the attacker’s device as a linked device or by hijacking the account altogether.”
About two weeks ago, Dutch authorities issued a similar warning, claiming that Russian spies were targeting not only Signal, but also WhatsApp. The General Intelligence and Security Service (AIVD), the Netherlands’ main civilian intelligence and security agency, said at the time that the campaign was “large-scale” and “global”. The targets were dignitaries, military personnel and civil servants, including Dutch government employees.
The AIVD considers the campaign already a success: “Russian hackers probably gained access to sensitive information through this campaign,” it said, without specifying whether they accessed it from Dutch targets or someone else.
On X, FBI Director Kash Patel echoed these warnings, saying the effort “resulted in unauthorized access to thousands of individual accounts.”
“After gaining access, actors can view messages and contact lists, send messages as a victim, and carry out additional phishing from a trusted identity,” he warned.
Via Hacker news
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
