Overview
- A joint public service announcement reports thousands of accounts worldwide have been compromised, with targets including officials, military personnel, political figures, and journalists.
- Attackers commonly impersonate platform support or trusted contacts to solicit PINs or verification codes or to push malicious QR links that link attacker-controlled devices.
- Compromised accounts let actors read messages and contact lists, join group chats, impersonate victims, and propagate further phishing from a trusted identity.
- Signal and other providers maintain their infrastructure and end-to-end encryption are intact, with compromises stemming from social engineering rather than software vulnerabilities.
- Earlier Dutch and German warnings, along with a new alert from France’s C4, describe the same tactics, and users are urged to never share codes, scrutinize unexpected requests, review linked devices, and report incidents to the FBI’s IC3.