The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an update to their Public Service Announcement to warn the public about an aggressive, evolving cyber threat. Russian intelligence agencies are actively running a sophisticated phishing campaign aimed at hijacking individual accounts on commercial messaging applications (CMAs).
Russian Intelligence Agencies Involved
Federal investigators have traced the activity back to multiple clusters of Russian Intelligence Services (RIS) cyber threat actors. These groups include Russian Federal Security Service (FSB) officers embedded with the FSB Border Guards, alongside other actors operating on behalf of the Russian military.
The government agencies emphasized that the underlying technology of these messaging platforms remains secure, noting that “RIS cyber threat actors have compromised individual CMA accounts, but not the CMA’s encryption or the application itself.”
Phishing Campaign Tactics
The scam relies entirely on social engineering. The attackers create accounts that masquerade as automated tech support profiles from the messaging platform. These fake accounts have historically tried to steal user verification codes and account PINs, but their tactics have recently grown more dangerous: the attackers are now actively trying to trick users into handing over their Backup Recovery Keys.
If a targeted user follows the fraudulent instructions to back up their messages and subsequently shares their Backup Recovery Key, the consequences are severe. With that key, Russian threat actors can view the account’s entire historical record, monitor private and group messages, and fully take over the account.
This access does not end on its own; stopping it requires manual action by the user. To cut off the threat actors, an affected user must generate a completely new Backup Recovery Key inside the application's Settings menu.
Original reporting: Tampa Free Press — read the source article.