- Russian intelligence is targeting Signal accounts of officials based in Ukraine
- They act as signal support services and ask users to submit their backup keys
- By using these keys, the hackers can hijack the user’s account and all other accounts created with the same mobile phone number
The FBI has warned that Russian intelligence agencies are posing as commercial messaging application support services to steal backup keys belonging to high-value military and government targets in the United States, Europe and Ukraine.
In a joint alert with CISA and the Security Service of Ukraine (SSU), the FBI outlined the new phishing campaign that seeks to gain access to messaging accounts to conduct intelligence gathering of classified information.
Specifically, the FBI provided examples of phishing lures targeting users of the Signal messaging app. If the hackers successfully trick a victim into sharing their backup key, they can gain access to the account’s message history, private and group messages, and fully take over the victim’s account.
Russian intelligence constitutes signal support services
In the FBI warning, the phishing techniques are further detailed. The Russian Federal Security Service (FSB) is targeting government officials, military personnel, political figures, journalists and key US and European officials in Ukraine.
The attackers send emails that appear to be automated messages from Signal, asking users to turn on their message backup using their Backup Recovery Key. Victims are given fake instructions that instead send the Backup Recovery Key to the attacker, who can then use the key to take over the victim’s account.
To establish urgency and trust that the message is legitimate, the attackers presented the phishing message as a defense against recent hacking attempts from “Iran and post-Soviet countries.” In another sample message, the attacker’s message says that the victim’s account data “is at risk of permanent loss due to a synchronization issue.”
If a victim shares their unique Backup Recovery Key, it allows the hacker to hijack their current Signal account along with any subsequent accounts created with the same phone number.
For users who may fear that their backup recovery key has been compromised, users are instructed to use signal settings to create a new backup key. This new key will invalidate all previous backup recovery keys and prevent account takeover if the previous key was leaked.
To avoid falling victim to phishing messages, there are several ways to be safe:
- Support Services will generally only communicate with users via an official company email address. Always carefully check communications from the legitimate email address.
- Customer support will never request that you provide your backup recovery key through the application
- You will never be asked to verify or restore your account via an automated customer support message
To further protect your Signal account or other accounts from phishing, users should consider the following:
- Use an access key where possible. This will use your device’s built-in biometric verification methods to authenticate your login.
- Use phishing-resistant multi-factor authentication where possible
- Always double check messages and emails are legitimate and use an official company email
- Never give out your backup recovery keys unless you are actively trying to regain access to your account through a legitimate service
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
