Overview
- A joint public service announcement attributes a worldwide campaign to actors associated with Russian intelligence and confirms unauthorized access to thousands of commercial messaging accounts.
- Targets include individuals of high intelligence value such as current and former U.S. government officials, military personnel, political figures, and journalists.
- Attackers impersonate support, send malicious links or QR codes, and solicit verification codes or PINs to link rogue devices or fully take over accounts, enabling message access and impersonation.
- Signal is cited as a primary focus with similar methods observed against WhatsApp and other apps, and earlier Dutch, German, and French advisories reported the same tactics.
- FBI and CISA urge users to avoid sharing codes or PINs, scrutinize unexpected messages or QR prompts, enable security features, report incidents to IC3 or FBI field offices, and remain alert as tactics could expand to include malware.