On point: Russian intelligence operatives are phishing not only Signal accounts but also their backup recovery keys — a single compromised key enables permanent access to all messages and account takeover.
Russian intelligence actors have expanded their phishing campaigns against Signal accounts: they are now specifically targeting users’ backup recovery keys. With this key, attackers can restore a backup of an account and gain access to all private and group messages.
The FBI and CISA have updated their warning from March, which already reported on Russian intelligence phishing campaigns targeting Signal users. The attackers have now expanded their approach: they deliberately try to get victims to disclose their Signal backup recovery key.
Anyone who gives this key to attackers risks complete account takeover. With the key, attackers can restore the account backup, view the complete message history (private and group), and take over the account. An additional security risk: the key remains permanently valid — once compromised, the account remains vulnerable indefinitely.
For CISOs, this represents a new attack surface in securing messaging applications in an enterprise context. User awareness regarding backup management and phishing indicators becomes critical, as does verification of whether and how backup recovery processes are protected in the enterprise environment.
Source: thehackernews.com · Published 26 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.