Campaign
Signal linked-device hijacking by Russia-aligned operators
Updated 25.11.2025 08:42
Case score 56
Score breakdown
- Total: 56
- Lead score: 56
- Support bonus: +0 / 20
- Scoring support: 0
- Context members: 0
Top contributors
- Campaign (base): Defines the active **Signal** account-hijacking campaign, its Russia-aligned attribution, and its targeting of high-value users.
Members 1
Latest activity 25.11.2025 08:42
First seen 25.11.2025 08:42
Last seen 25.11.2025 08:42
Overview
Russia-aligned operators are hijacking **Signal** accounts by abusing the app's **linked devices** feature. The activity has been visible since the start of the year and is aimed at high-value people in government, military, political, and civil society circles across the United States, the Middle East, and Europe.
The access path depends on social engineering and account-linking abuse rather than a single software flaw. Current evidence points to unauthorized access risk and follow-on impersonation, but it does not provide a public victim count or a confirmed remediation outcome.
Linking an attacker-controlled device to a target's account creates unauthorized access to that account's private conversations and contacts. The targeted individuals include current and former senior government, military, and political officials, as well as civil society organizations.
Available evidence says similar mobile-messaging operations in the same period have also used spoofed apps, phishing pages, QR-code device linking, and zero-click exploits. The practical effect is account takeover that can expose messages, support impersonation, and give attackers a durable foothold for follow-on compromise. Available material does not quantify reach, confirm a specific victim set, or describe a public remediation action.