The FBI and CISA have issued a warning regarding Russian and Iranian cyber operations that target high-profile individuals through popular messaging platforms like Signal. These campaigns use sophisticated phishing techniques to gain unauthorized access to thousands of accounts, allowing actors to bypass encryption by compromising the users themselves rather than the software.
Recent intelligence reports indicate that Russian state actors are actively targeting the personal and professional accounts of American government officials, military personnel, and journalists. By sending fraudulent messages disguised as official support notifications, attackers trick victims into providing verification codes or linking unauthorized devices to their accounts. Once a breach occurs, these actors can monitor private conversations, steal contact lists, and use the compromised identity to launch further phishing attacks against the victim's associates.
The federal advisory emphasizes that while Signal is a primary focus, the risks extend to all messaging applications. The agencies clarified that these breaches are not the result of technical vulnerabilities within the apps but instead rely on social engineering. To combat this, the FBI urges individuals to exercise extreme caution with unverified messages and to strengthen their personal cybersecurity protocols, as even end-to-end encryption cannot protect data if the user’s account access is surrendered to an intruder.
Concerns over secure communication have reached the highest levels of government, with Director of National Intelligence Tulsi Gabbard previously advocating for the use of encrypted platforms among targeted officials. This push for security follows significant breaches of U.S. infrastructure by foreign hackers. In response to these persistent threats, recent legislation signed by President Trump now requires the Department of Defense to provide senior leaders with mobile devices featuring enhanced encryption and cybersecurity protections to safeguard sensitive data.
The need for these protections is highlighted by past security lapses within the Pentagon regarding the use of messaging apps for sensitive military operations. An inspector general report previously found that Defense Secretary Pete Hegseth violated department rules by using Signal to discuss a military strike in Yemen, potentially endangering personnel. This incident was underscored when a transcript of a Cabinet-level Signal chat was leaked after a journalist was accidentally added to a group discussing specific strike timings and aircraft types.
Despite the widespread use of these applications, internal watchdogs have concluded that the Department of Defense still lacks a unified, secure messaging platform dedicated to coordinating sensitive operations. Although commercial apps offer encryption, the current reliance on them leaves a gap in oversight and remains vulnerable to the types of user-targeted phishing campaigns described in the FBI’s latest warning. Without a dedicated secure system, officials remain at risk of compromising national security through simple procedural errors or sophisticated social engineering.
Source: https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf



