FBI Director Kash Patel warned that cyber actors linked to Russian intelligence services were scamming Signal users.
Earlier this month, the Dutch Military Intelligence and Security Service along with General Intelligence and Security Service warned of a “large-scale global cyber campaign” targeting government officials and journalists, carried out through the attempted hacking of their Signal messaging accounts. Patel confirmed and warned users of the attacks, some of which have targeted “current and former U.S. government officials,” in a Friday statement.
“The @FBI has identified cyber actors associated with Russian Intelligence Services targeting users of commercial messaging applications, including Signal,” he posted on X. “The campaign targets individuals of high intelligence value, including current and former U.S. government officials, military personnel, political figures, and journalists.
“Globally, this effort has resulted in unauthorized access to thousands of individual accounts,” Patel said. “After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity.”
He specified that the app itself wasn’t vulnerable or compromised, with the cyber actors relying on user error to divulge information. When gaining access to the account, the actors can view the target’s contact list and messages and conduct further phishing attacks from a trusted source.
Patel linked to an FBI PSA on how to spot and avoid the attacks.
The message was similar to that of Dutch intelligence, which also stressed that the attacks didn’t exploit any technical vulnerabilities of the app.
“It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted,” Director-General of the AIVD Simone Smit said in a statement.
Signal acknowledged the campaign on March 9, warning users to remain vigilant.
“To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust,” the platform wrote. “These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information — SMS codes and/or Signal PIN — to gain access to users’ accounts.”
Signal, an encrypted communication platform prized for its privacy and security, first entered the U.S. spotlight in the first months of Trump’s second term, when his administration came under scrutiny for sharing potentially classified information about air strikes on Yemen’s Houthis over the app.
