Find notable cyber news and cases, enriched with sources, timelines, and signals.

Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign

Campaign
First reported
Last updated
Happening score
H score 38
4 unique sources, 7 articles

Summary

Hide ▲

An ongoing Russian intelligence-linked phishing campaign is targeting Signal and WhatsApp users and has evolved from stealing verification codes and account PINs to stealing Backup Recovery Keys through impersonated support messages. The latest FBI and CISA update says the attackers now try to elicit recovery keys so they can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations. The campaign continues to target high-intelligence-value individuals, and the U.S. government says thousands of individual accounts for commercial messaging applications were compromised.

Related Happenings

Meta For Business Facebook Messenger fake-verification phishing campaign

Campaign
H score29 First: 07.07.2026 10:00 Last: 07.07.2026 10:00 Sources 1

About this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...

Russian intelligence Signal recovery-key phishing campaign

Campaign
H score29 First: 29.06.2026 11:15 Last: 29.06.2026 11:15 Sources 1

About this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...

Russian intelligence services fake support SMS messaging-account phishing campaign

Campaign
H score29 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

How related: “UNC5792 has conducted widespread phishing campaigns targeting Signal and WhatsApp accounts of U.S. government officials, military leadership, and allied personnel.”

About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...

Signal Backup Recovery Key phishing mitigation

Advisory/Mitigation
H score25 First: 27.06.2026 01:06 Last: 27.06.2026 01:06 Sources 1

How related: The updated advisory reminds users that legitimate messaging application support teams only communicate through official company email addresses, never request verification codes within the application, and do not send links asking users to verify or restore their accounts.

About this happening: The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

Timeline

  1. 27.06.2026 01:06 3 articles · 12d ago

    FBI warns Signal phishing campaign now targets Backup Recovery Keys

    Technical Analysis Update

    FBI and CISA warn that the Russian intelligence services-linked Signal phishing campaign has evolved from stealing verification codes, account PINs, and linked-device access to eliciting victims' Backup Recovery Keys through impersonated Signal support messages. If a target provides the key, attackers can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations, while the campaign continues to target high-intelligence-value individuals.

    Show sources
  2. 09.03.2026 23:24 4 articles · 4mo ago

    Dutch intelligence and Signal warn on a Signal and WhatsApp phishing campaign

    Initial Disclosure

    Netherlands intelligence agencies and Signal warned that Russian state-sponsored hackers are running an ongoing phishing campaign against government officials, military personnel, journalists, and Dutch government employees, using fake Signal support prompts, SMS verification-code theft, Signal PIN theft, and malicious QR codes or links to hijack Signal and WhatsApp accounts, access messages, and impersonate victims.

    Show sources