- FBI and CISA warn of Russian espionage campaign targeting messaging apps
- Phishing and social engineering used to hijack Signal and other CMA accounts
- Thousands of victims’ accounts compromised, including officials, military, and journalists
The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) are warning about an ongoing espionage campaign by Russian cyberspies.
In a joint Public Service Announcement (PSA) published late last week, the two agencies said Russian Intelligence Services (RIS)-affiliated threat actors are actively targeting commercial messaging applications (CMA). They specifically mentioned Signal, but stressed that other CMAs are most likely targeted, as well.
The victims are mostly current and former US government officials, military personnel, political figures, and journalists.
Article continues below
Following the Dutch
The campaign does not revolve around “breaking” the apps by abusing vulnerabilities, or similar. Instead, it revolves around phishing and social engineering, where the victims end up sharing access willingly.
“RIS cyber actors send phishing messages masquerading as automated CMA support accounts,” the PSA reads. “The actors tailor the messages to deceive targets into taking an action, such as clicking a link or providing verification codes or account PINs. If the user performs any of the requested actions, they unwittingly provide the actors with unauthorized access to their account either by adding the attacker’s device as a linked device or through a full account takeover.”
Roughly two weeks ago, Dutch authorities published a similar warning, saying that Russian spies were targeting not only Signal, but WhatsApp, as well. The General Intelligence and Security Service (AIVD), the Netherlands’ primary civilian intelligence and security agency, said at the time that the campaign was “large-scale”, and “global”. Targets were dignitaries, military personnel, and civil servants, including Dutch government employees.
AIVD believes the campaign is already a success: “The Russian hackers likely gained access to sensitive information through this campaign,” it said, although it did not detail if they accessed it from Dutch targets or someone else entirely.
On X, FBI Director Kash Patel echoed these warnings, saying the effort “resulted in unauthorized access to thousands of individual accounts.”
“After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity,” he warned.
Via The Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must be logged in to post a comment Login