In a recent advisory, the Federal Bureau of Investigation (FBI) has alerted the public to a series of phishing campaigns orchestrated by cyber actors linked to the Russian Intelligence Services (RIS). These campaigns specifically target commercial messaging applications (CMAs), posing a significant threat to users’ personal security.
The RIS actors have successfully compromised individual accounts without breaching the encryption of the messaging applications themselves. Their primary targets include individuals of considerable intelligence value, such as current and former U.S. government officials, military personnel, political figures, and journalists. This global initiative has led to unauthorized access to thousands of CMA accounts, enabling malicious actors to view private messages, access contact lists, send deceptive messages, and launch further phishing attempts against other accounts.
Notably, while reports indicate that Signal accounts are particularly targeted, similar tactics can be applied to other CMAs as well. To mitigate the risk of account compromise, users are encouraged to enhance their personal cybersecurity measures and remain vigilant against social engineering tactics employed by these cyber adversaries.
Understanding the Tactics
The RIS cyber actors often disguise their phishing messages as communications from automated CMA support accounts. These messages are meticulously crafted to mislead targets into taking actions such as clicking on malicious links or providing sensitive information like verification codes or account PINs. If a user inadvertently complies with these requests, they may unwittingly grant the attackers unauthorized access to their accounts, either by linking the attacker’s device or through a complete account takeover.
As this campaign continues to evolve, it is anticipated that the actors may incorporate additional techniques, including malware, to further compromise victims. Phishing remains one of the most rudimentary yet effective methods of cyber intrusion, often rendering advanced protections, such as end-to-end encryption, ineffective, because the attacker gains access to the account itself rather than breaking the encryption. Therefore, CMA users are urged to adopt a proactive stance in recognizing potential phishing attempts and practicing essential cyber hygiene.
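The signals described in this section (an unknown sender posing as support, a request for a verification code or PIN, a link to an unexpected host) can be turned into a simple triage check. The sketch below is an added example, not part of the FBI advisory; the allowlisted host `messenger.example`, the keyword patterns and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts this organisation treats as genuine for its messaging app.
TRUSTED_HOSTS = {"messenger.example"}

SUPPORT_CLAIM = re.compile(r"\b(support|security team|help ?desk)\b", re.I)
SECRET_REQUEST = re.compile(r"\b(verification code|security code|pin)\b", re.I)
URL = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s<>\"']+", re.I)


def untrusted_links(text):
    """Return every URL whose scheme or real host is not on the allowlist."""
    flagged = []
    for url in URL.findall(text):
        try:
            parts = urlsplit(url)
            # .hostname drops any "user@" prefix, so look-alike userinfo is ignored.
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:  # malformed URL: treat as untrusted
            flagged.append(url)
            continue
        on_list = any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)
        if parts.scheme.lower() != "https" or not on_list:
            flagged.append(url)
    return flagged


def triage(sender_in_contacts, text):
    """Return the list of reasons a message deserves a pause before acting."""
    reasons = []
    if not sender_in_contacts and SUPPORT_CLAIM.search(text):
        reasons.append("unknown sender claims to be support")
    if SECRET_REQUEST.search(text):
        reasons.append("asks for a verification code or PIN")
    reasons += [f"link outside trusted hosts: {u}" for u in untrusted_links(text)]
    return reasons


# Constructed sample messages: (sender is a saved contact, message text).
SAMPLES = [
    (False, "Signal Support: suspicious activity detected. Reply with your verification code and PIN."),
    (False, "Security team notice: confirm your device at https://messenger.example.account-verify.test/link"),
    (True, "Lunch at 12? Menu: https://messenger.example/blog"),
]

if __name__ == "__main__":
    for known, text in SAMPLES:
        print(triage(known, text) or "no signals", "<-", text)
```

A match on any reason is a prompt to verify through a separate channel, not proof of phishing; keyword rules like these miss reworded lures and should be tuned against real reports.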
Best Practices for Users
- If it feels off, pause: Always approach unknown messages with skepticism.
- Scrutinize links: Before clicking, ensure that links appear legitimate.
- Verify group chats: Regularly check the authenticity of group conversations.
- Stay updated: Keep your applications and devices secure and up-to-date.
- Report phishing: If you encounter suspicious activity, report it immediately.
Users are also encouraged to report incidents to the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/ or contact their local FBI Field Office. In cases of financial or identity fraud, notifying local authorities is also advisable.