The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a warning about phishing campaigns attributed to threat actors affiliated with Russian intelligence services that target commercial messaging applications (CMAs), including Signal and WhatsApp.

According to the advisory, the campaign focuses on individuals of “high intelligence value” (such as government officials, military personnel, political figures, and journalists) and has resulted in unauthorized access to thousands of accounts.

Why it matters

- Compromised messaging accounts can expose private conversations and contact graphs, and enable follow-on attacks (including spear-phishing) from a trusted identity.

- Messaging apps are commonly used for sensitive coordination; account takeover can create both operational and personal safety risks.

Defensive takeaways for organizations and individuals

- Treat unsolicited prompts to “re-link,” “re-verify,” or “restore” messaging access as suspicious, especially if they arrive via email/SMS/social DMs.

- Reduce account-recovery risk: use strong device passcodes, secure email accounts tied to messaging apps, and enable available protections (e.g., registration/transfer locks).

- Validate security requests out-of-band (call known numbers, use established channels) before acting.

What to watch next

Expect more attacker focus on account takeover and session hijacking, especially against targets whose identities can be leveraged for high-trust phishing chains.