The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have reported a significant increase in phishing campaigns aimed at compromising commercial messaging applications, specifically targeting accounts of high-profile individuals. These attacks, attributed to threat actors linked to Russian intelligence services, have reportedly resulted in unauthorized access to thousands of accounts.
Individuals targeted include current and former U.S. government officials, military personnel, political figures, and journalists. Following successful breaches, attackers can access messages and contact lists, impersonate victims by sending messages, and potentially launch further phishing attempts. Importantly, these attacks do not exploit weaknesses in platform encryption but focus on tricking users into providing access.
While no specific threat actor has been identified, previous investigations by Microsoft and Google have associated these activities with groups known as Star Blizzard, UNC5792, and UNC4221. Similar warnings have been issued by cybersecurity agencies in France, Germany, and the Netherlands, indicating a broader trend of such attacks targeting government officials and business leaders. The adversaries often present themselves as "Signal Support," enticing victims to click on malicious links or provide verification codes.