According to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), threat actors affiliated with Russian Intelligence Services are carrying out phishing campaigns aimed at commercial messaging apps (CMAs) such as Signal and WhatsApp to take control of accounts with high intelligence value.
FBI Director Kash Patel described the global impact as unauthorized access to thousands of CMA accounts, enabling the actors to view messages, access contact lists, and send messages as the victim. CISA and the FBI noted that the activity has led to the compromise of thousands of CMA accounts, with attackers seeking to impersonate victims to conduct further phishing.
While the agencies did not attribute the activity to a single threat actor, Microsoft and Google Threat Intelligence Group have linked similar campaigns to multiple Russia-aligned clusters such as Star Blizzard, UNC5792 (aka UAC-0195) and UNC4221 (aka UAC-0185). The alert also highlights social engineering methods, including impersonation of trusted contacts or services like a non-existent “Signal Support Bot,” and cautions users not to share verification codes or PINs.