Find notable cyber news and cases, enriched with sources, timelines, and signals.
Campaign

Signal linked-device hijacking by Russia-aligned operators

Updated 25.11.2025 08:42
Case score 56
Case score 56 Members 1 Latest activity 25.11.2025 08:42
Members 1 First seen 25.11.2025 08:42 Last seen 25.11.2025 08:42 Updated 25.11.2025 08:42

Overview

Russia-aligned operators are hijacking **Signal** accounts by abusing the app's **linked devices** feature. The activity has been visible since the start of the year and is aimed at high-value people in government, military, political, and civil society circles across the United States, the Middle East, and Europe. The access path depends on social engineering and account-linking abuse rather than a single software flaw. Current evidence points to unauthorized access risk and follow-on impersonation, but it does not provide a public victim count or a confirmed remediation outcome.

Signals

5 derived
Victims/regions
Sector government Sector military Attacker region Russia Victim region United States
Status
Campaign status Active

Malware context

1 families

Member happenings

1 related
Campaign Russia-aligned Signal linked-devices account hijacking campaign
Updated 25.11.2025 08:42 Lead Contribution 56
Campaign Active

**Multiple Russia-aligned threat actors** are running an active **Signal account hijacking** campaign that abuses the app's **linked devices** feature. The operation has been visible **since the start of the year** and targets **high-value mobile messaging users** across the **United States, the Middle East, and Europe**. It matters because compromising an encrypted messaging account can expose private communications and enable follow-on intrusion activity.