Bottom Line: Russian intelligence agencies deploy phishing campaigns to steal Signal backup recovery keys and gain access to message histories.
The FBI and CISA report on a phishing campaign by Russian intelligence services targeting Signal users and specifically aimed at Signal backup recovery keys. With stolen keys, attackers can access message histories.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warn of a phishing campaign attacking Signal users and linked to Russian intelligence services. The campaign has evolved into a new attack strategy: it targets not only Signal accounts themselves, but specifically Signal backup recovery keys — the keys necessary to restore Signal backups.
With a stolen backup recovery key, attackers can access a victim’s complete message history. This is particularly significant for target groups such as government officials, military personnel, and security agency staff whose communications are sensitive. The phishing campaign uses forged legitimacy and social engineering to persuade users to disclose these keys.
For CISOs, this campaign means that Signal users in critical roles carry additional risk if backup recovery keys are unprotected. The recommendation from the authorities is: users should store their backup recovery keys securely, not click on phishing links, and verify suspicious requests before disclosing authentication data or recovery keys.
Source: www.bleepingcomputer.com · Published 27 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.