The services warn. Russians are taking over popular applications

Russian hackers linked to the intelligence services are conducting a broad phishing campaign targeting users of encrypted messengers such as Signal and WhatsApp to take over their accounts and impersonate victims.

The FBI and CISA warn that they are primarily targeting people with “high intelligence value.” These include current and former officials, military personnel, politicians and journalists. Reports indicate that thousands of accounts have already been hacked globally.

The attacks do not break end-to-end encryption or exploit vulnerabilities in the applications themselves. They are entirely based on social engineering. Fraudsters impersonate, among others: to the Signal support department and persuade victims to enter an SMS/PIN code, click a link or scan a QR code, allegedly to verify the account.

• If the victim provides the code/PIN, the attacker recovers the account on his device. This does not give him access to the chat history, but the attacker can read new messages and write on the user’s behalf.
• If the victim clicks the link or scans the QR, the device controlled by the attacker is added as trusted. Then the hacker also sees archived conversations, and the victim still has access to the account, often unaware of the hack.

Cybersecurity agencies from France, Germany and the Netherlands also issued a similar warning, pointing to the growing number of compromised accounts of government, business and media representatives. The campaigns are combined with the Russian Star Blizzard groups, UNC5792 (UAC‑0195) and UNC4221 (UAC‑0185).

To protect yourself, the service and Signal recommend that you never share your verification codes or PIN with anyone. We should treat any such request as an attempt at fraud. We should also be careful with links from unknown contacts and regularly check the list of associated devices and remove suspicious ones.