The United States FBI and Cybersecurity and Infrastructure Security Agency (CISA) have released a public service message warning of Russian hacking activity targeting commercial messaging applications (CMAs).
The two agencies note that the campaign, run by hackers linked to Russian Intelligence Services (RIS), is a global one, but this specific warning regards the targeting of individuals in the US.
“RIS actors have compromised individual CMA accounts, but not CMAs’ encryption or the applications themselves,” the joint public service announcement (PSA) said.
“The activity targets individuals of high intelligence value, such as current and former US government officials, military personnel, political figures, and journalists.”
According to the two authoring agencies, the Russian activity has led to the compromise of thousands of user accounts.
The threat actors’ main tactic is to send phishing messages to their targets posing as automated support accounts. There are two active schemes: one using fake support messages to link malicious devices to target accounts, and the other to perform complete account takeover.
The PSA includes several sample phishing messages, with the Signal messaging platform as the target.
“Dear user, this is a Signal Security Support ChatBot,” one message said.
“We have noticed suspicious activity in your device, which could have led to data leak. We have also detected attempts to gain access to your private data on Signal. To prevent this, you have to pass verification procedure, entering the verification code to Signal Security Support ChatBot. DON’T TELL ANYONE THE CODE, NOT EVEN SIGNAL EMPLOYEES.”
CISA and the FBI said users of messaging apps should always be cautious with how and with whom they share information.
“Phishing remains one of the most unsophisticated, yet effective means of cyber compromise, often rendering other protections irrelevant, including end-to-end encryption,” the two agencies said.
“CMA users are urged to be vigilant in identifying potential phishing activity and employing necessary cyber hygiene practices.”
The PSA also included several tips for users to stay safe from phishing messages:
- If it feels off, stop: Don’t engage or share PINs, passwords, or 2FA codes you didn’t initiate.
- Question unexpected messages: Even from “friends”. Verify via another channel before responding.
- Check before you click: Avoid suspicious links, files, or attachments.
- Audit group chats: Look for duplicate or fake accounts and verify participants.
- Use security features: Enable protections like message expiry where appropriate.
- Report fast: Flag incidents to IT/security and relevant authorities.
- Trust only official support: No legit service will ask for codes or send “verify your account” links.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.