Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign
Campaign
Summary
Hide ▲
Show ▼
An ongoing Russian intelligence-linked phishing campaign is targeting Signal and WhatsApp users and has evolved from stealing verification codes and account PINs to stealing Backup Recovery Keys through impersonated support messages. The latest FBI and CISA update says the attackers now try to elicit recovery keys so they can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations. The campaign continues to target high-intelligence-value individuals, and the U.S. government says thousands of individual accounts for commercial messaging applications were compromised.
Related Happenings
Meta For Business Facebook Messenger fake-verification phishing campaign
Campaign
H score29
First: 07.07.2026 10:00
Last: 07.07.2026 10:00
Sources 1
About this happening:
A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Meta For Business Facebook Messenger fake-verification phishing campaign
CampaignAbout this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Russian intelligence Signal recovery-key phishing campaign
Campaign
H score29
First: 29.06.2026 11:15
Last: 29.06.2026 11:15
Sources 1
About this happening:
An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...
Russian intelligence Signal recovery-key phishing campaign
CampaignAbout this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...
Russian intelligence services fake support SMS messaging-account phishing campaign
Campaign
H score29
First: 27.06.2026 20:27
Last: 27.06.2026 20:27
Sources 1
How related:
“UNC5792 has conducted widespread phishing campaigns targeting Signal and WhatsApp accounts of U.S. government officials, military leadership, and allied personnel.”
About this happening:
A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...
Russian intelligence services fake support SMS messaging-account phishing campaign
CampaignHow related: “UNC5792 has conducted widespread phishing campaigns targeting Signal and WhatsApp accounts of U.S. government officials, military leadership, and allied personnel.”
About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...
Signal Backup Recovery Key phishing mitigation
Advisory/Mitigation
H score25
First: 27.06.2026 01:06
Last: 27.06.2026 01:06
Sources 1
How related:
The updated advisory reminds users that legitimate messaging application support teams only communicate through official company email addresses, never request verification codes within the application, and do not send links asking users to verify or restore their accounts.
About this happening:
The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
Signal Backup Recovery Key phishing mitigation
Advisory/MitigationHow related: The updated advisory reminds users that legitimate messaging application support teams only communicate through official company email addresses, never request verification codes within the application, and do not send links asking users to verify or restore their accounts.
About this happening: The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
WhatsApp VBScript phishing campaign targeting users in multiple countries
Campaign
H score43
First: 23.06.2026 01:42
Last: 23.06.2026 01:42
Sources 1
About this happening:
An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
WhatsApp VBScript phishing campaign targeting users in multiple countries
CampaignAbout this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
Timeline
-
27.06.2026 01:06 3 articles · 12d ago
FBI warns Signal phishing campaign now targets Backup Recovery Keys
Technical Analysis UpdateFBI and CISA warn that the Russian intelligence services-linked Signal phishing campaign has evolved from stealing verification codes, account PINs, and linked-device access to eliciting victims' Backup Recovery Keys through impersonated Signal support messages. If a target provides the key, attackers can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations, while the campaign continues to target high-intelligence-value individuals.
Show sources
- FBI: Russian hackers now target Signal backup recovery keys — www.bleepingcomputer.com — 27.06.2026 01:06
- US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve — www.securityweek.com — 29.06.2026 12:29
- U.S. offers $10 million for hackers targeting WhatsApp, Signal users — www.bleepingcomputer.com — 29.06.2026 18:09
-
09.03.2026 23:24 4 articles · 4mo ago
Dutch intelligence and Signal warn on a Signal and WhatsApp phishing campaign
Initial DisclosureNetherlands intelligence agencies and Signal warned that Russian state-sponsored hackers are running an ongoing phishing campaign against government officials, military personnel, journalists, and Dutch government employees, using fake Signal support prompts, SMS verification-code theft, Signal PIN theft, and malicious QR codes or links to hijack Signal and WhatsApp accounts, access messages, and impersonate victims.
Show sources
- Dutch govt warns of Signal, WhatsApp account hijacking attacks — www.bleepingcomputer.com — 09.03.2026 23:24
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks — thehackernews.com — 21.03.2026 15:17
- NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts — www.infosecurity-magazine.com — 02.04.2026 17:15
- FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys — thehackernews.com — 26.06.2026 22:38