
FBI Warns of Russian Phishing Attacks on Signal and WhatsApp

U.S. and European cybersecurity agencies are warning that threat actors linked to Russian intelligence services are running large-scale phishing campaigns aimed at messaging apps such as Signal and WhatsApp. The goal, according to the FBI and the Cybersecurity and Infrastructure Security Agency, is not to crack encryption or exploit a software flaw, but to trick people into giving away access to their accounts.

How the Attack Works

FBI Director Kash Patel said in a post on X that the campaign targets people with high intelligence value, including current and former U.S. government officials, military personnel, political figures, and journalists. He added that the activity has already led to unauthorized access to thousands of individual accounts worldwide.

Once attackers get in, Patel said, they can read messages, see contact lists, send messages as the victim, and use the trusted account to launch more phishing attempts.

CISA and the FBI said the attackers are relying on social engineering. In practice, that means pretending to be a trusted service, often something like Signal Support, and then pushing the target to click a link, scan a QR code, or share a PIN or verification code.

The agencies stressed that this is an account takeover campaign, not a break of the app’s underlying encryption. In other words, the security of the platform is not being defeated. The person behind the keyboard is.

What Signal Said

Signal responded earlier this month with a warning of its own. The company said these attacks, like all phishing, depend on impersonation and trust. Signal also emphasized that its SMS verification code is only needed when someone first signs up, and that “Signal Support will never initiate contact” by app message, text, or social media to ask for a verification code or PIN.

Signal called any request for such a code a scam.

Why This Attack Matters

The way the attack works can lead to two different outcomes. If a victim shares a PIN or verification code, the attacker can use that information to recover the account on their own device. The victim may lose access, while the attacker can continue sending messages and monitoring new conversations.

If the victim instead clicks a link or scans a QR code, a device controlled by the attacker can be linked to the account. In that case, the attacker may be able to read older messages too, while the victim may still remain signed in unless the linked device is removed through the app’s settings.

What Researchers and Agencies Are Seeing

Researchers and agencies in several countries have been tracking this activity. Google Threat Intelligence Group has linked similar campaigns to Russia-aligned threat clusters it tracks as Star Blizzard, UNC5792 (also known as UAC 0195), and UNC4221 (also known as UAC 0185).

In France, the Cyber Crisis Coordination Center (C4), which sits within ANSSI, said it has seen a surge in attacks against messaging accounts used by government officials, journalists, and business leaders. C4 warned that when successful, these attacks can expose conversation histories or let attackers impersonate victims in ongoing chats.

Officials in the Netherlands also issued guidance after seeing the same pattern. The Netherlands Defence Intelligence and Security Service, or MIVD, and the General Intelligence and Security Service, or AIVD, said Russian state-backed hackers are engaged in a large-scale global cyber campaign against Signal and WhatsApp users.

Their advisory noted that people should watch for suspicious contacts in group chats. If the same name appears twice, or if a contact appears under a slightly different name, that can be a sign that an account has been compromised or that a fake account has been created.
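
The duplicate-name check described in the Dutch advisory can be scripted over an exported group member list. This is an added example, not code from the agencies or the apps; the member list, the account identifiers, and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
import unicodedata
from itertools import combinations

# Constructed sample: (display name, account identifier) pairs for one group chat.
SAMPLE_MEMBERS = [
    ("Alex Morgan", "acct-001"),
    ("Jamie Chen", "acct-002"),
    ("Alex  Morgan\u200b", "acct-003"),  # same name plus extra space and zero-width space
    ("Jamie Chenn", "acct-004"),         # one extra letter
    ("Priya Natarajan", "acct-005"),
]

def normalize(name):
    """Fold a display name so visually identical variants compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    # Drop invisible format characters (category Cf), e.g. zero-width spaces.
    visible = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return " ".join(visible.split())  # collapse runs of whitespace

def suspicious_pairs(members, threshold=0.85):
    """Return (id_a, id_b, reason) for distinct accounts with same or near-same names."""
    findings = []
    for (name_a, id_a), (name_b, id_b) in combinations(members, 2):
        if id_a == id_b:
            continue  # same account listed twice is not an impersonation signal
        a, b = normalize(name_a), normalize(name_b)
        if a == b:
            findings.append((id_a, id_b, "duplicate"))
        elif difflib.SequenceMatcher(None, a, b).ratio() >= threshold:
            findings.append((id_a, id_b, "near-duplicate"))
    return findings

if __name__ == "__main__":
    for id_a, id_b, reason in suspicious_pairs(SAMPLE_MEMBERS):
        print(f"{reason}: {id_a} / {id_b} -- verify out of band")
```

A flagged pair is a prompt to confirm the contact through another channel, not proof of compromise, since two real people can share a name.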

What You Should Do Right Now

For everyday users, the advice is straightforward. Never share an SMS code, PIN, or verification code with anyone. Treat unexpected messages with caution, especially when they ask you to take urgent action.

Check links carefully before opening them, and review linked devices from time to time so you can remove anything that looks unfamiliar. As Signal and the agencies have made clear, the strongest defense here is not a patch. It is skepticism. If a message asks for your code, it is almost certainly the attack.