Originally reported by The Hacker News
TL;DR
CISA and FBI warned that Russian intelligence-affiliated threat actors are running phishing campaigns to compromise Signal and WhatsApp accounts belonging to individuals with high intelligence value. The government agencies issued the alert to warn users of commercial messaging applications about the ongoing targeting.
FBI/CISA joint advisory indicates confirmed Russian intelligence services targeting high-value individuals through secure messaging platforms. Government attribution to nation-state actors with intelligence collection objectives warrants high severity.
The FBI and CISA issued a joint advisory Friday warning that threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns specifically targeting commercial messaging applications including Signal and WhatsApp. The campaign aims to compromise accounts belonging to individuals deemed to have high intelligence value.
According to the federal agencies, the Russian-affiliated actors are using phishing techniques to seize control of messaging accounts on platforms that millions rely on for secure communications. The advisory specifically mentions Signal and WhatsApp, two applications widely used by government officials, journalists, activists, and security professionals due to their end-to-end encryption capabilities.
The targeting of these platforms represents a strategic shift toward compromising secure communication channels rather than traditional email-based phishing. By gaining access to these accounts, threat actors can intercept sensitive communications and potentially conduct follow-on operations against the victim's contacts.
The FBI and CISA emphasized that the campaign focuses on individuals with "high intelligence value," suggesting the Russian actors are conducting targeted reconnaissance to identify specific victims rather than conducting broad, opportunistic attacks. This targeted approach is consistent with intelligence collection operations typically associated with nation-state actors.
Users of commercial messaging applications, particularly those in government, media, or other sensitive positions, should implement additional security measures including:
The formal attribution to Russian Intelligence Services by both CISA and FBI indicates a high confidence assessment of the threat actors' affiliation. This follows established patterns of Russian intelligence operations targeting Western communications infrastructure and high-value individuals for intelligence collection purposes.
Originally reported by The Hacker News