Russian hackers have compromised thousands of accounts on popular messaging apps used by US government officials, military personnel, politicians, and journalists, US intelligence agencies have warned. The attacks involve impersonating official support accounts and tricking users into sharing verification codes or clicking malicious links.
In a joint statement, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said the scheme allows attackers to take control of victims’ accounts. Once in control, the hackers can impersonate the user and send phishing links to their contacts, spreading the attack further.
One reported tactic involves a fake account called “Signal Support,” which tells users a suspicious login attempt has been detected and instructs them to reply with a verification code. If victims comply, attackers can lock them out of their accounts and continue exploiting their contacts.
The FBI and CISA advise users to treat unknown messages with caution, block and report suspicious contacts, and enable all available security features on messaging apps. Euronews Next reached out to Signal and WhatsApp for comment but did not receive immediate responses.
Similar warnings have emerged in other countries this month. Agencies in Portugal and the Netherlands reported that Kremlin-linked hackers infiltrated the WhatsApp and Signal accounts of government officials, diplomats, and military personnel. Dutch intelligence agencies said Russia targets Signal because of its reputation as a secure, reliable communication channel offering end-to-end encryption.
France’s Cyber Crisis Coordination Center (C4) also issued an alert last week, noting the same threat to messaging accounts of officials.
Signal has confirmed that its infrastructure was not compromised in these attacks. The company emphasized that its support team “will never initiate contact via in-app messages, SMS, or social media” to request verification codes. Signal encouraged users to remain vigilant and warned, “While we build robust technical safeguards, user vigilance is ultimately the best defence against phishing. Please stay alert, and never share your SMS verification code or Signal PIN with anyone.”
Experts say the attacks highlight the growing sophistication of state-backed cyber operations targeting high-value individuals. By exploiting trust in official support channels, hackers can bypass technical safeguards and gain access to sensitive communications.
The FBI and CISA caution that awareness and cautious behavior remain critical. Users are advised to double-check the sender of any unexpected messages, avoid clicking on links from unknown sources, and use multi-factor authentication wherever possible to reduce the risk of account compromise.
This wave of phishing attacks underscores the challenges of maintaining secure communications in an era where state actors increasingly leverage social engineering to gain access to confidential information. Messaging app users connected to government or media organizations are particularly at risk and must remain alert to potential threats.
