FBI Warns Russian Hackers Hijacking Signal and WhatsApp Accounts

By alex2404

Russian intelligence-linked hackers have compromised thousands of Signal and WhatsApp accounts belonging to current and former U.S. government officials, military personnel, political figures, and journalists, the FBI and U.S. Cybersecurity and Infrastructure Security Agency warned Friday.

According to the announcement, the attackers do not crack encryption or exploit platform vulnerabilities. They use social engineering — impersonating services like “Signal Support” to trick targets into surrendering verification codes or scanning malicious QR codes that hand over account access directly.

Once inside an account, the actors can read message histories, extract contact lists, send messages while impersonating the victim, and launch secondary phishing campaigns against that victim’s trusted contacts — effectively weaponizing a compromised identity against an entire network.

Who Is Behind It

The agencies stopped short of formal attribution, but prior research from Microsoft and Google Threat Intelligence Group has linked the same tactics to Russian-aligned clusters tracked as Star Blizzard, UNC5792 (also known as UAC-0195), and UNC4221 (also known as UAC-0185).

France’s Cyber Crisis Coordination Center, operating under the country’s National Cybersecurity Agency, issued a parallel warning describing a surge in attacks against messaging accounts held by government officials, journalists, and business leaders. Cybersecurity agencies in Germany and the Netherlands raised similar alerts, each describing the same impersonation method involving fake “Signal Support” contacts and QR code lures.

What the Attacks Look Like

FBI Director Kash Patel said in a post on X that the campaign has produced unauthorized access to thousands of individual accounts globally. The approach is precise: targets receive unsolicited messages from what appears to be a known contact or a legitimate platform service, are directed to click a link or scan a code, and lose account control without any breach of the underlying platform’s security architecture.

Signal addressed the campaign directly in a post on X earlier this month. “Attackers impersonate trusted contacts or services (such as the non-existent ‘Signal Support Bot’) to trick victims into handing over their login credentials or other information,” the company said, adding that Signal Support will never initiate contact via in-app messages, SMS, or social media to request a verification code or PIN.

The platform was explicit: any message asking for a Signal-related code is a scam.

Users are advised to avoid sharing SMS codes or PINs with anyone, treat unsolicited messages from unfamiliar contacts with skepticism, inspect links before clicking, and regularly audit linked devices — removing any that cannot be identified. Verification codes, both agencies noted, are only legitimately needed at initial account registration and never again.

This article is a curated summary based on third-party sources.