- Russian intelligence targets Signal accounts of Ukraine-based officials
- They pose as Signal support services and ask users to submit their backup recovery keys.
- Using these keys, hackers can hack the user’s account and any other accounts created using the same mobile number.
The FBI has warned that Russian intelligence services are posing as commercial email application support services to steal backup recovery keys belonging to high-value military and government targets in the United States, Europe and Ukraine.
In a joint warning alongside CISA and the Security Service of Ukraine (SSU), the FBI outlined the new phishing campaign that aims to gain access to email accounts in order to carry out secret information gathering.
Specifically, the FBI provided examples of phishing lures targeting users of the messaging app Signal. If hackers successfully trick a victim into sharing their backup recovery key, they can access the account’s message history, private and group messages, and take full control of the victim’s account.
Russian Intelligence Poses as Signals Support Services
In the FBI warning, phishing techniques are more detailed. The Russian Federal Security Service (FSB) targets government officials, military personnel, political figures, journalists, and key U.S. and European officials located in Ukraine.
Attackers send emails that appear to be automated messages from Signal, asking users to enable backup of their messages using their backup recovery key. Victims receive fake instructions that instead send the backup recovery key to the attacker, who can then use the key to take over the victim’s account.
To establish urgency and ensure legitimacy of the message, the attackers presented the phishing message as protection against recent hacking attempts from “Iran and post-Soviet countries.” In another example message, the attacker’s message states that the victim’s account data “may be permanently lost due to a synchronization issue.”
If a victim shares their unique backup recovery key, this allows the attacker to hijack their current Signal account as well as any subsequent accounts created with the same phone number.
For users who are concerned that their backup recovery key has been compromised, users are advised to use Signal settings to create a new backup recovery key. This new key will invalidate all previous backup recovery keys and prevent account takeover if the previous key was leaked.
To avoid falling victim to phishing messages, there are several ways to stay safe:
- Support services will generally communicate with users only through an official company email address. Always carefully review communications from the legitimate email address.
- Customer support will never ask you to provide your backup recovery key through the app
- You will never be asked to verify or restore your account via an automated customer support message.
To further protect your Signal account, or other accounts, from phishing, users should consider the following:
- Use a password whenever possible. This will use your device’s built-in biometric verification methods to authenticate your connection.
- Use phishing-resistant multi-factor authentication when possible
- Always verify that messages and emails are legitimate and use an official company email address.
- Never provide your backup recovery keys unless you are actively trying to regain access to your account through a legitimate service.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
