Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday.
"The campaign targets individuals of high intelligence value, including current and former U.S. government officials, military personnel, political figures, and journalists," FBI Director Kash Patel said in a post on X.
"Globally, this effort has resulted in unauthorized access to thousands of individual accounts.
After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity."
CISA and the FBI said the activity has resulted in the compromise of thousands of individual CMA accounts.
It's worth noting that the attacks are designed to break into the targeted accounts and do not exploit any security vulnerability or weakness to crack the platforms' encryption protections.
While the agencies did not attribute the activity to a specific threat actor, prior reports from Microsoft and Google Threat Intelligence Group have linked such campaigns to multiple Russia-aligned threat clusters tracked as Star Blizzard, UNC5792 (aka UAC-0195), and UNC4221 (aka UAC-0185).