FBI and CISA Warn Russian Intelligence Is Posing as Signal Support Staff to Hijack Accounts
Phishing campaign targets messaging app users by impersonating customer support services
The campaign involves convincing targets they are communicating with legitimate support staff, then tricking them into revealing account credentials or clicking malicious links. The attackers have focused on Signal due to its widespread use among journalists, activists and government officials.
CISA and the FBI said the operation is part of a broader pattern of Russian intelligence services targeting secure communications platforms. The agencies urged users to verify any support communications through official channels and to enable two-factor authentication.
The warning also noted that the same threat actors have been observed targeting other commercial messaging applications using similar social engineering techniques. The agencies did not specify which Russian intelligence unit is behind the campaign.
Analysis
Why This Matters
Signal is trusted precisely because of its security reputation. Attacks that exploit that trust through social engineering rather than technical vulnerabilities are particularly dangerous because they bypass encryption entirely.
Background
Russian intelligence services have a long history of targeting encrypted communications. This latest campaign follows previous efforts to compromise Signal through linked device exploits documented in early 2025.
Key Perspectives
Security researchers note that no messaging app can protect against users voluntarily handing over credentials. The human element remains the weakest link in even the most secure systems.
What to Watch
Whether Signal and other messaging platforms implement additional verification mechanisms to help users distinguish legitimate support communications from impersonation attempts.