FBI Warns of Russian Hackers Targeting Signal Backup Recovery Keys

The FBI and CISA have issued a warning regarding a phishing campaign by Russian intelligence services targeting Signal users to steal Backup Recovery Keys. This escalation allows attackers to access victims' historical messages and take over accounts. The campaign, tracked as UNC5792 and UNC4221, primarily targets high-value individuals, including government officials and journalists. Attackers impersonate Signal support to trick users into enabling backups and sharing their 30-digit recovery codes. The phishing messages falsely claim mandatory two-factor authentication and urgent data recovery needs. Victims who share their recovery keys risk permanent loss of their data, as the key remains valid even if they create a new account. The advisory emphasizes that the attackers exploit social engineering rather than breaking Signal's encryption. The FBI is offering a reward for information on the threat actors involved.

Key Points: • Russian intelligence services are targeting Signal users to steal Backup Recovery Keys. • Phishing messages impersonate Signal support, claiming urgent security needs. • Victims risk permanent data loss if they share their recovery keys.