The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a public service announcement (PSA) to warn the public about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services (RIS) targeting commercial messaging applications (CMAs). RIS actors have compromised individual CMA accounts, but not CMAs’ encryption or the applications themselves. The activity targets individuals of high intelligence value, such as current and former U.S. government officials, military personnel, political figures, and journalists.
This global campaign has resulted in unauthorized access to thousands of individual CMA accounts. After compromising an account, malicious actors can view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA accounts. (Note: reporting shows that the threat actors specifically target Signal accounts but can apply similar methods against other CMAs). CMA users who strengthen their personal cybersecurity and defend against social engineering attempts can reduce the risk of account compromise and limit the effectiveness of the threat actors’ current tactics, techniques, and procedures.
The original announcement can be found here.
