On March 20, U.S. intelligence officials issued a warning about a Russia-linked cyber campaign targeting users of popular encrypted messaging apps like Signal, which are often used by officials, journalists, and high-profile individuals.
The cyber campaign aims to gain unauthorized access to private conversations by exploiting user weaknesses, not vulnerabilities in the apps themselves.
FBI Director Kash Patel shared the warning on X, emphasizing that the threat primarily lies with the user rather than the platform.
He also confirmed that the cyber effort has already compromised thousands of personal accounts globally, particularly those belonging to current and former U.S. government officials, military personnel, political figures, and journalists.
How the Cyber Campaign Works
According to the FBI, hackers use two primary methods to gain access to encrypted messaging apps:
- Malicious Links or QR Codes: The attacker contacts the victim and sends them a malicious link or QR code. When the victim clicks on the link, the hacker gains access to the victim’s messaging account.
- PIN or 2FA Phishing: The attacker reaches out to the victim, asking for a PIN or Two-Factor Authentication (2FA) code. When the victim provides the requested code, the hacker can either link their own device to the victim’s account or take over the entire account.
Once inside the victim’s account, hackers can view private messages, impersonate the account holder, send messages, conduct phishing activities, and access contact lists.
Signal’s Response to the Attacks
Signal, the free encrypted messaging app, confirmed that the phishing attacks are not a result of a breach of its platform or encryption.
In a series of posts on X (formerly Twitter), Signal reminded users that its encryption infrastructure remains robust and that the attacks were carried out through sophisticated phishing schemes designed to deceive users into sharing sensitive information.
Signal further clarified that the SMS verification code is only needed when first signing up for the app. The company stated, “If anyone asks for any Signal-related code, it is a scam.” Signal emphasized that users should be cautious when asked for their Signal PIN or SMS code after initial setup.
FBI and International Response
The FBI has urged victims of these attacks to report the incident to the Internet Crime Complaint Center (IC3). The global scale of the campaign, which has impacted thousands of users, has raised concerns about the privacy and security of encrypted communication platforms.
The Dutch intelligence and security officials also confirmed that their government employees were targeted in this cyber campaign.
The General Intelligence and Security Service (AIVD) of the Netherlands confirmed that Russian state-sponsored hackers are responsible for a large-scale cyber operation aimed at gaining access to Signal and WhatsApp accounts of dignitaries, military personnel, and civil servants.
