Russian intelligence services are conducting phishing campaigns targeting individual user accounts of commercial messaging applications (CMAs) to bypass encryption, compromising accounts to view messages, access contact lists, and launch further phishing attacks. The threat is a social engineering attack vector, not a vulnerability in the applications' encryption or specific software versions. CISA and the FBI urge CMA users to review their PSA, follow recommended cybersecurity practices, and remain vigilant for suspicious activity.
CISA and the Federal Bureau of Investigation released a Public Service Announcement (PSA) warning about ongoing phishing campaigns cyber actors associated with the Russian Intelligence Services targeting commercial messaging applications (CMAs). These campaigns aim to bypass encryption to compromise to individual user accounts with targets including current and former U.S. government officials, military personnel, political figures, and journalists. Evidence shows that cyber actors have been able to compromise individual CMA accounts, but not encryption of the applications themselves. The actors’ global campaigns have resulted in unauthorized access to thousands of individual CMA accounts to view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA accounts. CISA and FBI urge CMA users to review the PSA, follow recommended cybersecurity practices, and remain vigilant for suspicious activity.