The US Federal Bureau of Investigation has issued a public service announcement warning that threat actors linked to Russian intelligence are actively targeting users of encrypted messaging platforms, including Signal and WhatsApp, in large-scale phishing campaigns.
According to the agency, the attacks do not break end-to-end encryption but instead rely on account hijacking techniques. By tricking users into sharing verification codes or scanning malicious QR codes, attackers can link victim accounts to their own devices and gain full access to private communications.
The FBI said the operations have already compromised “thousands” of accounts worldwide, primarily focusing on individuals with access to sensitive information, such as government officials, military personnel, journalists, and political figures.
Once inside an account, attackers can read messages, access contact lists, impersonate victims, and spread further phishing messages from trusted identities.
The warning follows similar alerts from European authorities, including Dutch intelligence agencies and France’s Cyber Crisis Coordination Center, which described nearly identical tactics targeting secure messaging users across multiple countries.
Officials said that most phishing attempts impersonate platform support accounts, urging users to take actions that grant attackers access without the users realizing it. The FBI advises users to remain cautious of unexpected messages, avoid scanning unknown QR codes, and never share verification codes.
In a separate alert, the FBI has warned that threat actors linked to the Government of Iran's Ministry of Intelligence and Security (MOIS) have been using Telegram as command-and-control (C&C) infrastructure to push malware targeting Iranian dissidents, journalists opposed to Iran, and other opposition groups around the world. The malware campaign is aimed at intelligence collection, data leaks, and reputational harm.