← All stories
● Covered by 2 sources Β· 2 reportsHigh impact

FBI and CISA Warn of Russian Phishing Attacks on Signal and WhatsApp Accounts

Aggregated by BrevFeed security Β· updated 1d ago
πŸ”– Save

The FBI and CISA have issued an updated warning about Russian intelligence phishing campaigns targeting Signal and WhatsApp accounts. Attackers are using Signal Backup Recovery Keys to hijack accounts, and the U.S. is offering a $10 million reward for information on the group responsible. The campaign has compromised thousands of accounts of high-profile targets, including government officials and journalists.

Key points

Overview of the Attack

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have updated their warning about Russian intelligence phishing campaigns. The campaigns target Signal and WhatsApp accounts, particularly through tactics involving Signal Backup Recovery Keys.

Russian hackers prompt targets to share their Signal Backup Recovery Key, enabling them to hijack accounts by restoring backups. The attackers can read messages and maintain account access even if the phone number is reactivated with a new account.

Background and Targets

Initially warned in March, these phishing operations have been operational since at least then. They involve fake support messages that trick users into relinquishing account information, enabling attackers to compromise accounts completely.

The affected targets are individuals of high intelligence value, such as current and former U.S. and international government officials, military personnel, journalists, and political figures.

Efforts to Counteract the Threat

In response to the ongoing threat, the U.S. government has announced a reward of up to $10 million for information that can help identify or locate the cyber group responsible. This group is linked to Russian intelligence services and has already compromised thousands of accounts.

The updated advisory also outlines steps for users to protect themselves, such as generating a new Signal Backup Recovery Key to invalidate the compromised one and secure future backups.

Why It Matters

This campaign represents a significant cybersecurity threat, as it impacts sensitive communications of government officials and influential figures. The potential access to sensitive information poses national security risks.

The exploitation of Signal's recovery feature highlights the need for enhanced account security measures and vigilance against phishing tactics, particularly those associated with state-sponsored cyber threats.

Takeaways

Users of Signal and WhatsApp, especially those in high-value roles, should be cautious about phishing attempts that seek account recovery information.

Implementing proactive security measures, like regular key updates, and being skeptical of unsolicited messages can mitigate these risks.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

How outlets covered it

The US government announces a reward of up to $10 million for information about a Russian cyber group compromising Signal and WhatsApp accounts. The attackers have targeted thousands of accounts belonging to US government officials and journalists since at least March, utilizing phishing tactics to gain access to sensitive communications.

The FBI and CISA have updated a warning about Russian intelligence phishing tactics that now include prompting users to share their Signal Backup Recovery Key. This allows attackers to hijack accounts, read messages, and maintain access even if the account is reactivated with a different number.