Hackers associated with Russian intelligence services are targeting popular messaging apps with attacks designed to hijack the accounts of high-profile users, the FBI has warned.
In a joint advisory with the Cybersecuriy and Infrastructure Security Agency (CISA), the FBI said the campaign has already successfully hit thousands of accounts around the world.
“The activity targets individuals of high intelligence value, such as current and former US government officials, military personnel, political figures, and journalists,” the advisory stated.
“After compromising an account, malicious actors can view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA (commercial messaging applications).”
Investigations showed that the hackers were specifically targeting Signal users, though the same phishing techniques can be applied to other popular messaging apps like WhatsApp and Telegram.
Signal said in a statement that the hacks were “executed via sophisticated phishing campaigns, designed to trick users into sharing information.”
The authors of the advisory noted that the attackers had not actually broken the encryption or security measures of the apps, only the accounts of individual users through social engineering.
The technique used by the Russian threat actors involves masquerading as an official support account for the app in order to trick a user into clicking on a link or sharing verification codes or PINs.
This can provide attackers with unauthorised access to an account, which can then evolve into even further attacks, like infecting a victim’s device with malware.
The FBI and CISA advised messaging app users to be vigilant and to treat all unexpected messages from unknown contacts with suspicion.
People should also avoid clicking on suspicious links or opening files in order to prevent unauthorized access to their accounts.
Anyone who has already fallen victim to the Russian hacking campaign should file a complaint with the Internet Crime Complaint Center (IC3).
