Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Russian intelligence Signal recovery-key phishing campaign

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

An active Russian intelligence phishing campaign is impersonating Signal support to steal Backup Recovery Keys, verification codes, and account PINs, putting high-risk users at risk of account takeover. The targets include US and international government officials, military personnel, political figures, journalists, and Ukrainian officials. A June 26 PSA says the same access can expose historical private and group messages and let attackers take over the account.

Related Happenings

Russian intelligence services fake support SMS messaging-account phishing campaign

Campaign
H score31 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...

Open Happening

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Open Happening

Suspected Russia-linked Signal phishing campaign targeting political accounts

Campaign
H score18 First: 28.04.2026 13:54 Last: 28.04.2026 13:54 Sources 1

About this happening: A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...

Latest development: 12.05.2026 22:40

Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.

Open Happening

BfV and BSI public warning on Signal phishing

Public Sector Action
H score20 First: 28.04.2026 13:54 Last: 28.04.2026 13:54 Sources 1

About this happening: Germany’s **BfV** and **BSI** issued a public warning about a **Signal phishing campaign**, flagging a likely **state-controlled cyber actor** and the risk to **politicians** and...

Open Happening

NCSC alert on messaging-app targeting of high-risk individuals

Public Sector Action
H score30 First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...

Open Happening

Timeline

  1. 29.06.2026 11:15 2 articles · 1h ago

    FBI warns of Russian intelligence phishing for Signal backup recovery keys

    Initial Disclosure

    The FBI issued a June 26 public warning that Russian intelligence services were targeting Signal accounts used by high-risk users with phishing messages impersonating automated support accounts to steal Backup Recovery Keys, verification codes, and account PINs. The warning said the activity could expose historical private and group messages and enable account takeover, and it advised users to avoid sharing verification codes or recovery keys and to regenerate a new backup recovery key if needed.

    Show sources
    Open in new tab