Campaign
Signal linked-device hijacking by Russia-aligned operators
Updated 25.11.2025 08:42
Case score 56
Why this score?
Case score is a discovery signal based on public evidence, not a guaranteed risk rating. Use it to decide what to review first, then verify important details from the linked sources.
- Total
- 56
- Main story score
- 56
- Related evidence lift
- +0 / 20
- Contributing updates
- 0
- Context updates
- 0
Top contributors
- Campaign Defines the active **Signal** account-hijacking campaign, its Russia-aligned attribution, and its targeting of high-value users. main
Case score 56
Members 1
Latest activity 25.11.2025 08:42
Members 1
First seen 25.11.2025 08:42
Last seen 25.11.2025 08:42
Updated 25.11.2025 08:42
Overview
Russia-aligned operators are hijacking **Signal** accounts by abusing the app's **linked devices** feature. The activity has been visible since the start of the year and is aimed at high-value people in government, military, political, and civil society circles across the United States, the Middle East, and Europe.
The access path depends on social engineering and account-linking abuse rather than a single software flaw. Current evidence points to unauthorized access risk and follow-on impersonation, but it does not provide a public victim count or a confirmed remediation outcome.
Russia-aligned operators are hijacking **Signal** accounts by abusing the app's **linked devices** feature, creating unauthorized access to private conversations and contacts. The activity has been visible since the start of the year and targets high-value individuals, including current and former senior government, military, and political officials, as well as civil society organizations in the United States, the Middle East, and Europe. The access path relies on social engineering and account-linking abuse rather than a single software flaw.
Available evidence says similar mobile-messaging operations in the same period have also used spoofed apps, phishing pages, QR-code device linking, and zero-click exploits. The practical effect is account takeover that can expose messages, support impersonation, and give attackers a durable foothold for follow-on compromise. Available material does not quantify reach, confirm a specific victim set, or describe a public remediation action.
Signals
5 derivedVictims/regions
Sector
government
Sector
military
Attacker region
Russia
Victim region
United States
Status
Campaign status
Active
Malware context
1 familiesMember happenings
1 related
Campaign
Russia-aligned Signal linked-devices account hijacking campaign
Campaign
Active
Campaign
Russia-aligned Signal linked-devices account hijacking campaign
Campaign
Active