logo

FBI: Russian hackers now target Signal backup recovery keys

ID: 614ebdf6-b4f9-5a67-a4f4-7c98829d8a65

STIX ID: report--614ebdf6-b4f9-5a67-a4f4-7c98829d8a65

Feed Name: Bleeping Computer

Threat Score
75/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Lawrence Abrams

...
...

The FBI and CISA warn of an ongoing, targeted phishing campaign attributed to Russian Intelligence Services (tracked as UNC5792 and UNC4221) that impersonates Signal support to trick high-value targets—including government officials, military personnel, journalists, and Ukrainian officials—into revealing Signal Backup Recovery Keys. Attackers first prompt victims to enable Signal Secure Backups and then send follow-up messages requesting the recovery key to 'prevent data loss'; possession of the key allows attackers to restore encrypted backups and access historical private and group messages. The advisory emphasizes that legitimate support will not request verification codes or recovery keys in-chat, explains steps victims must take if compromised, and urges reporting to FBI/CISA.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.