- FBI and CISA warn of Russian espionage campaign targeting messaging apps
- Phishing and social engineering are used to hijack Signal and other CMA accounts
- Thousands of victims’ accounts compromised, including government officials, military and journalists
The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) warn of an ongoing espionage campaign by Russian cyber spies.
In a joint public service announcement (PSA) published late last week, the two agencies said that threat actors affiliated with the Russian Intelligence Service (RIS) are actively targeting commercial messaging applications (CMA). They specifically mentioned Signal, but emphasized that other CMAs are most likely targeted as well.
The victims are mostly current and former US officials, military personnel, political figures and journalists.
The article continues below
After the Dutch
The campaign is not about “breaking” apps by exploiting vulnerabilities or the like. Instead, it is about phishing and social engineering, where the victims end up willingly sharing access.
“RIS cyber actors send phishing messages masquerading as automated CMA support accounts,” the PSA reads. “The actors tailor the messages to trick targets into taking an action, such as clicking a link or entering verification codes or account PINs. If the user performs any of the requested actions, they unwittingly give the actors unauthorized access to their account, either by adding the attacker’s device as a connected device or through a full account takeover.”
About two weeks ago, the Dutch authorities published a similar warning, saying that Russian spies were not only targeting Signal, but also WhatsApp. The General Intelligence and Security Service (AIVD), the Netherlands’ primary civilian intelligence and security agency, said at the time that the campaign was “large-scale” and “global”. The targets were dignitaries, military personnel and civil servants, including Dutch civil servants.
The AIVD believes the campaign is already a success: “The Russian hackers probably gained access to sensitive information through this campaign,” it said, although it did not specify whether they gained access to it from Dutch targets or someone else entirely.
On X, FBI Director Kash Patel echoed those warnings, saying the effort “resulted in unauthorized access to thousands of individual accounts.”
“After gaining access, actors can view messages and contact lists, send messages as a victim, and perform further phishing from a trusted identity,” he warned.
Via Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
