Russian‑Linked Hackers Target Messaging App Users

  • Russian‑aligned cyber actors have been breaking into accounts on secure messaging apps, according to a new U.S. government advisory.
  • The FBI and CISA say the attackers are not defeating encryption but exploiting users through social engineering.
  • Officials warn that high‑value targets, including government personnel and journalists, are most at risk.

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning that hackers linked to Russian intelligence services are targeting users of popular encrypted messaging applications. Their alert states that thousands of accounts have already been compromised, although the agencies did not provide technical specifics about the intrusions. Investigators emphasized that the attacks do not stem from weaknesses in the apps’ encryption or core infrastructure. Instead, the threat actors rely on impersonation and social engineering to trick users into revealing authentication codes.

According to the advisory, the campaign focuses on individuals considered to have “high intelligence value.” This group includes current and former U.S. government officials, military personnel, political figures, and journalists. Attackers appear to be exploiting the trust users place in security notifications, crafting messages that mimic legitimate verification prompts. By persuading targets to share one‑time login codes, the hackers can gain access to accounts without needing to break encryption. The agencies note that this method allows attackers to bypass protections that would otherwise prevent unauthorized entry.

Signal, one of the messaging platforms mentioned in the advisory, did not immediately respond to requests for comment. The Russian embassy in Washington also did not issue a statement regarding the allegations. The U.S. warning aligns with a similar alert released earlier this month by Dutch intelligence officials. They reported that Russian‑backed groups had launched a global campaign aimed at accessing Signal and WhatsApp accounts used by government employees and other sensitive targets. These findings suggest a coordinated effort rather than isolated incidents.

Social Engineering as a Growing Threat

In response to the Dutch report, Signal stated that the attacks were carried out through “sophisticated phishing campaigns” designed to deceive users into sharing sensitive information. The company reiterated that its encryption protocols and backend systems had not been compromised. This distinction is important because it highlights that the attackers are exploiting human behavior rather than technical vulnerabilities. Messaging apps that rely on end‑to‑end encryption remain secure at the protocol level, but users can still be manipulated into unintentionally granting access.

The advisory underscores a broader trend in cybersecurity: attackers increasingly target people rather than software. Even well‑designed security systems can be undermined when users are tricked into handing over authentication data. Phishing campaigns have become more sophisticated, often mimicking official communications with high accuracy. These tactics can be especially effective against individuals who regularly receive security‑related messages as part of their work. As a result, organizations must focus not only on technical defenses but also on user education and awareness.

Security experts note that multi‑factor authentication remains a strong defense, but only when users understand how verification codes should be handled. Attackers often create a sense of urgency, prompting victims to respond quickly without verifying the legitimacy of the request. This psychological pressure is a key component of successful phishing attempts. Training programs that teach users to recognize suspicious prompts can reduce the likelihood of compromise. However, such programs must be updated regularly to keep pace with evolving tactics.

High‑Value Targets Under Increased Pressure

The focus on individuals with access to sensitive information suggests that the attackers are pursuing intelligence‑gathering objectives. Government officials, military personnel, and journalists often communicate with sources who require confidentiality. Unauthorized access to their messaging accounts could expose private conversations, strategic plans, or investigative work. This risk extends beyond the individuals themselves, potentially affecting national security and diplomatic relations. The advisory encourages organizations to review their security practices and ensure that employees understand the importance of safeguarding authentication codes.

Journalists are particularly vulnerable because they frequently communicate with anonymous sources. A compromised account could reveal the identity of individuals who rely on confidentiality for safety. Political figures also face heightened risks, as intercepted communications could be used for influence operations or disinformation campaigns. The advisory highlights the need for targeted groups to adopt stricter security habits. Regularly reviewing account activity and enabling additional verification steps can help reduce exposure.

International Warnings Highlight a Global Issue

The alignment between U.S. and Dutch intelligence warnings indicates that the threat is not limited to one region. Russian‑linked cyber groups have a long history of targeting government and media organizations worldwide. Their interest in messaging apps reflects the growing importance of encrypted communication in both professional and personal contexts. As more sensitive conversations move to digital platforms, attackers are adapting their methods accordingly. International cooperation among cybersecurity agencies may help identify patterns and disrupt ongoing campaigns.

The advisory also serves as a reminder that encryption alone cannot guarantee security. While end‑to‑end encryption protects messages from interception, it does not prevent attackers from gaining access through stolen credentials. Users must remain vigilant and treat unexpected verification requests with caution. Messaging platforms may need to explore additional safeguards, such as improved warnings about phishing attempts or enhanced account recovery procedures. These measures could help reduce the effectiveness of social engineering attacks.

Dutch intelligence officials noted earlier this year that the same Russian‑linked groups have previously targeted cloud services and email platforms using similar tactics. Their shift toward messaging apps reflects a broader strategy of exploiting authentication workflows rather than attempting to break encryption directly.


 
