FBI and CISA Warn Russian Intelligence Hackers Hijacking Signal and Other Messaging Accounts
The FBI and the Cybersecurity and Infrastructure Security Agency have issued a joint public service announcement warning that hackers tied to Russian intelligence services are running a global phishing campaign to hijack accounts on Signal and other commercial messaging apps, compromising "thousands" of users. FBI Director Kash Patel said the operation is focused on individuals of "high intelligence value," including current and former U.S. government officials, military personnel, political figures and journalists. According to the PSA, the attackers are not breaking end‑to‑end encryption; instead, they impersonate app support or send fake security alerts to trick users into clicking malicious links or disclosing verification codes and PINs, which lets the hackers link their own devices to victims’ accounts. Once in, they can read messages, access contact lists and send messages as the victim, using that trusted identity to launch further phishing attempts. Users who suspect compromise are urged to report to the FBI’s Internet Crime Complaint Center. The warning underscores that social‑engineering attacks can nullify even strong encryption if users are deceived into handing over credentials.
📌 Key Facts
- FBI and CISA issued a joint PSA warning that Russian intelligence–linked actors have compromised "thousands of individual" commercial messaging app accounts worldwide.
- Targets include U.S. officials, military personnel, political figures and journalists described as individuals of "high intelligence value."
- Officials emphasize that end‑to‑end encryption on apps like Signal has not been broken; instead, attackers use phishing to obtain verification codes or PINs and then take over accounts.
- Compromised accounts allow hackers to read messages, view contacts, send messages as the victim and conduct additional phishing from a trusted identity.
- The PSA directs victims and potential targets to report incidents to the FBI’s Internet Crime Complaint Center.
📊 Relevant Data
Russian cyber actors, including those affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), also known as APT28, have been conducting cyber campaigns targeting U.S. and global critical infrastructure since at least 2020, involving activities such as website defacements, infrastructure scanning, data exfiltration, and data leak operations.
[PDF] Russian Military Cyber Actors Target U.S. and Global Critical ... — media.defense.gov
Russian cyber attacks on the U.S. began as early as 1996 with the Moonlight Maze incident, one of the first nation-state sponsored cyber espionage campaigns, and have continued with major operations like the 2016 DNC hack and the 2020 SolarWinds supply chain attack, affecting government agencies and private companies.
Russia Has Carried Out 20-Years Of Cyber Attacks That Call For ... — Forbes
Phishing attacks are associated with more than 90% of successful cyber attacks, with nearly 1.2% of all emails sent being malicious, translating to 3.4 billion phishing emails daily as of 2026.
81 Phishing Attack Statistics 2026: The Ultimate Insight — Astra Security
Russian cyber espionage has significantly impacted U.S. national security through activities like data exfiltration from government agencies, with operations such as the 2020 SolarWinds hack affecting up to 18,000 organizations including NATO and U.S. government entities.
Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack — The New York Times