The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Public Service Announcement (PSA) warning about an ongoing espionage campaign by Russian cyberspies targeting commercial messaging applications. The campaign, which has already compromised thousands of accounts worldwide, involves phishing and social engineering tactics to gain unauthorized access to user accounts.
The PSA specifically mentions Signal as one of the targeted apps, but notes that other commercial messaging applications (CMAs) are likely being targeted as well. The victims include current and former US government officials, military personnel, political figures, and journalists, among others.
What Happened
The phishing campaign involves Russian Intelligence Services (RIS)-affiliated threat actors sending fake messages to users, masquerading as automated CMA support accounts. These messages are tailored to deceive targets into taking an action, such as clicking a link or providing verification codes or account PINs.
According to the PSA, if the user performs any of the requested actions, they unwittingly provide the actors with unauthorized access to their account either by adding the attacker's device as a linked device or through a full account takeover. This is a significant escalation from earlier Signal phishing waves that targeted verification codes or tricked users into scanning malicious QR codes.
The Dutch General Intelligence and Security Service (AIVD) has also published a similar warning, stating that Russian spies were targeting not only Signal but also WhatsApp. The AIVD believes the campaign is already a success, with the hackers likely gaining access to sensitive information through this campaign.
Background and Context
The FBI and CISA's PSA highlights the growing threat of social engineering attacks in the digital landscape. These types of attacks rely on psychological manipulation rather than technical exploits, making them increasingly difficult to detect and prevent.
Signal has been clear about their communication policy: they do not initiate contact through in-app messages, SMS, or social media. Any account claiming to be Signal Support that asks for verification codes, PINs, or recovery keys is malicious. Period.
The company has rolled out new in-app protections that add extra confirmations when accepting message requests, explicitly reminding users about these policies. European intelligence agencies have documented similar Russian-backed campaigns targeting Signal users through phishing rather than technical exploits.
Why it Matters to the Industry
This campaign highlights the importance of robust security measures for adult-industry platforms and operators. With thousands of compromised accounts worldwide, it's clear that these types of attacks can scale easily and affect a wide range of users.
The techniques used in this campaign are not unique to Signal or WhatsApp; they can be applied to any commercial messaging application. This means that adult-industry platforms must remain vigilant and take proactive measures to protect their users' accounts from social engineering attacks.
Furthermore, the fact that these hackers have not managed to break end-to-end encryption but instead rely on social engineering tactics underscores the importance of user education and awareness in preventing such attacks. Adult-industry platforms can learn from Signal's example and implement similar measures to protect their users' accounts.
What Comes Next
The FBI and CISA's PSA emphasizes the need for basic security measures to prevent these types of attacks. Users are advised to treat unsolicited messages from "Support" inside apps as suspicious by default, never share SMS verification codes or app PINs, and avoid following links in warning messages.
Adult-industry platforms can take a page from Signal's book and implement similar security measures to protect their users' accounts. This includes rolling out new in-app protections, educating users about the risks of social engineering attacks, and staying vigilant against emerging threats.
Key Facts
- The FBI and CISA have issued a joint Public Service Announcement (PSA) warning about an ongoing espionage campaign by Russian cyberspies targeting commercial messaging applications.
- The campaign involves phishing and social engineering tactics to gain unauthorized access to user accounts, with thousands of compromised accounts worldwide.
- Signal is one of the targeted apps, but other commercial messaging applications (CMAs) are likely being targeted as well.
- The victims include current and former US government officials, military personnel, political figures, and journalists, among others.
- The hackers have not managed to break end-to-end encryption but instead rely on social engineering tactics to gain access to user accounts.