• FBI warns Russian campaign abusing Signal

    From Mike Powell@1:2320/105 to All on Tue Jun 30 09:26:22 2026
    FBI warns of Russian Intelligence phishing campaign abusing Signal support services to target VIPs and high-value government and military targets this is how to secure your account

    Date:
    Mon, 29 Jun 2026 18:25:00 +0000

    Russian Intelligence are trying to hijack Signal accounts by tricking users into sending their Backup Recovery Keys -- The FBI has warned Russian Intelligence Services are posing as commercial messaging application support services in order to steal Backup Recovery Keys belonging to targets of high value in the military and government of the US, Europe, and Ukraine.

    In a joint warning alongside the CISA and the Security Service of Ukraine (SSU), the FBI outlined the new phishing campaign which seeks to access messaging accounts in order to perform intelligence gathering of secret information. Specifically, the FBI provided sample phishing lures targeting users of the Signal messaging app. If the hackers successfully lure a victim into sharing their Backup Recovery Key, they can access the account's message history, private and group messages, and fully take over the victim's
    account.

    In the FBI warning, the phishing techniques are
    further detailed. The Russian Federal Security Service (FSB) are targeting government officials, military personnel, political figures, journalists, and key officials from the US and Europe located in Ukraine.

    The attackers send emails that appear to be automated messages from Signal, asking users to turn on their message backup using their Backup Recovery Key. Victims are provided with false instructions that instead send the Backup Recovery Key to the attacker, who can then use the key to take over the victims account. In order to
    establish urgency and trust that the message is legitimate, the attackers posed the phishing message as a protection against recent hacking attempts from Iran and post-Soviet countries. In another sample message, the
    attacker's message says that the victims account data is at risk of permanent loss due to a sync issue.

    If a victim shares their unique Backup Recovery Key, it allows the attacker
    to hijack their current Signal account alongside any subsequent accounts made with the same phone number.

    For users who may fear their Backup Recovery Key has been compromised, users are instructed to use Signal settings to create a new Backup Recovery Key. This new key will invalidate all previous Backup Recovery Keys and prevent account takeover if the previous key was leaked.

    In order to avoid falling victim to phishing messages, there are several ways to stay safe:

    Support services will generally only communicate with users via
    an official company email address. Always carefully check communications from the legitimate email address.

    Customer support will never request that you
    supply your Backup Recovery Key via the application

    You will never be asked to verify or restore your account via an automated customer support message

    In order to further protect your Signal account, or other accounts, against phishing, users should consider the following:

    Use a passkey wherever possible. This will use your devices built in biometric verification methods to authenticate your login.

    Use phishing resistant multi-factor authentication where possible

    Always double check messages and emails are legitimate, and are using an official company email

    Never supply your Backup Recovery Keys unless you are actively attempting to regain access to your account via a legitimate service

    Link to news story: https://www.techradar.com/pro/security/fbi-warns-of-russian-intelligence-phish ing-campaign-abusing-signal-support-services-to-target-vips-and-high-value-gov ernment-and-military-targets-this-is-how-to-secure-your-account

    $$
    --- MultiMail/DOS
    * Origin: Capitol City Hub (1:2320/105)