FBI warns of Russian Intelligence phishing campaign abusing Signal support services to target VIPs and high-value government and military targets — this is how to secure your account | Tech Radar
Overview
News, deals, reviews, guides and more on the newest computing gadgets
Start exploring exclusive deals, expert advice and more
Details
Unlock and manage exclusive Techradar member rewards.
Unlock instant access to exclusive member features.
Get full access to premium articles, exclusive features and a growing list of member rewards.
FBI warns of Russian Intelligence phishing campaign abusing Signal support services to target VIPs and high-value government and military targets — this is how to secure your account
Russian hackers are trying to hijack Signal accounts
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Russian Intelligence are targeting Signal accounts of officials based in Ukraine
They pose as Signal support services and ask users to submit their Backup Recovery Keys
Using these keys, the hackers can hijack the users account and any other accounts created using the same mobile phone number
The FBI has warned Russian Intelligence Services are posing as commercial messaging application support services in order to steal Backup Recovery Keys belonging to targets of high value in the military and government of the US, Europe, and Ukraine.
In a joint warning alongside the CISA and the Security Service of Ukraine (SSU), the FBI outlined the new phishing campaign which seeks to access messaging accounts in order to perform intelligence gathering of secret information.
Specifically, the FBI provided sample phishing lures targeting users of the Signal messaging app. If the hackers successfully lure a victim into sharing their Backup Recovery Key, they can access the account's message history, private and group messages, and fully take over the victim's account.
Russian Intelligence pose as Signal support services
In the FBI warning, the phishing techniques are further detailed. The Russian Federal Security Service (FSB) are targeting government officials, military personnel, political figures, journalists, and key officials from the US and Europe located in Ukraine.
The attackers send emails that appear to be automated messages from Signal, asking users to turn on their message backup using their Backup Recovery Key. Victims are provided with false instructions that instead send the Backup Recovery Key to the attacker, who can then use the key to take over the victim’s account.
i Phone owners urged to change this key privacy setting after FBI recovers suspect’s deleted Signal messages
FBI warns of Kali phishing scam hitting Microsoft OAuth tokens
Hackers target Linked In accounts with devious new phishing attack
Example phishing messages used by Russian Intelligence to obtain Backup Recovery Keys (Image credit: FBI)
In order to establish urgency and trust that the message is legitimate, the attackers posed the phishing message as a protection against recent hacking attempts from “Iran and post-Soviet countries.” In another sample message, the attacker's message says that the victim’s account data “is at risk of permanent loss due to a sync issue.”
If a victim shares their unique Backup Recovery Key, it allows the attacker to hijack their current Signal account alongside any subsequent accounts made with the same phone number.
For users who may fear their Backup Recovery Key has been compromised, users are instructed to use Signal settings to create a new Backup Recovery Key. This new key will invalidate all previous Backup Recovery Keys and prevent account takeover if the previous key was leaked.
In order to avoid falling victim to phishing messages, there are several ways to stay safe:
Support services will generally only communicate with users via an official company email address. Always carefully check communications from the legitimate email address.
Customer support will never request that you supply your Backup Recovery Key via the application
You will never be asked to verify or restore your account via an automated customer support message
In order to further protect your Signal account, or other accounts, against phishing, users should consider the following:
Use phishing resistant multi-factor authentication where possible
Always double check messages and emails are legitimate, and are using an official company email
Never supply your Backup Recovery Keys unless you are actively attempting to regain access to your account via a legitimate service
Follow Tech Radar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Benedict is a Senior Security Writer at Tech Radar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.
Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.
Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.
You must confirm your public display name before commenting
1 How to watch Germany vs Paraguay: Free Streams, TV Channels & Kick-Off time for FIFA World Cup 2026 as Julian Nagelsmann seeks improvement
2 The first Fitbit Air update could fix a major frustration — but Google has shut off a workaround for avoiding the new Google Health app
4 Why spend Mac Book money on a creator laptop when this HP Victus with Ryzen 7 and RTX 4050 graphics is $525 off at Best Buy?
5 Xbox disputes claims GTA 6 is selling 8x more copies on Play Station, but I'm not convinced it's doing great
Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.
Key Takeaways
- News, deals, reviews, guides and more on the newest computing gadgets
- Start exploring exclusive deals, expert advice and more
- Unlock and manage exclusive Techradar member rewards
- Unlock instant access to exclusive member features
- Get full access to premium articles, exclusive features and a growing list of member rewards



