Particle.news

U.S. Agencies Warn of Russian Hijacks of Signal and WhatsApp and Iranian Malware Using Telegram

Officials stress attackers trick users into granting access without breaking encryption.

Overview

  • FBI and CISA, in a Friday public alert, attributed thousands of Signal and WhatsApp account hijacks to actors tied to Russian intelligence who target officials, military personnel, political figures, and journalists.
  • The Russian operation relies on phishing that impersonates app support to push links, request one-time codes or PINs, or prompt approval of linked devices or QR scans, which grants access without defeating end-to-end encryption.
  • The FBI separately warned that Iranian Ministry of Intelligence and Security operators deploy Windows malware that connects to Telegram bots for remote control, enabling file theft, screenshots, and even recording of video calls against dissidents and journalists.
  • U.S. authorities seized four websites used by the pro-Iran Handala and Homeland Justice groups after linking them to state-directed campaigns, citing activity that included the Stryker intrusion, in which Microsoft Intune wipes reset tens of thousands of devices.
  • Agencies urge users to never share verification codes, verify odd requests out of band, audit linked devices, enable registration locks or PINs, and report incidents, as earlier Dutch and other European warnings show the threat is active and global.