Russian Threat Actors Hijack Signal and WhatsApp via SIM‑Swap and Phishing

The FBI and CISA released a joint advisory warning that Russian‑backed groups are targeting users of Signal and WhatsApp. The actors combine SIM‑swap attacks with spear‑phishing messages to gain control of victims’ phone numbers, then seize the linked messaging accounts. Once compromised, the accounts are used to conduct espionage, harvest credentials, and distribute additional malicious links to contacts.

Defenders should treat these incidents as a reminder that even end‑to‑end encrypted platforms are vulnerable when the underlying phone number is hijacked. Compromised accounts can become a conduit for broader credential theft and lateral phishing campaigns within an organization. Implement multi‑factor authentication that does not rely solely on SMS, monitor for unusual SIM change requests, and educate users on verifying unexpected messages before clicking links.

Categories: Threat Intelligence, Identity & Access Management, Security Culture & Human Factors

Source: Read original article