FBI Alerts: Russian Hackers Target Signal Backup Keys to Access Old Chats

Post Views: 5

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a critical advisory highlighting a new cyber threat campaign attributed to Russian intelligence-linked groups.

FBI and CISA Alert

Attackers are now employing a phishing strategy to compromise users of the Signal messaging application by stealing Backup Recovery Keys, which allow unauthorized access to encrypted backups of historical messages and media.

Phishing Strategy

The advisory expands on earlier warnings from March 2026, when threat actors focused on acquiring verification codes, account PINs, or tricking victims into linking malicious devices to their Signal accounts. The current phase of the campaign shifts focus to obtaining Backup Recovery Keys, which are essential for restoring encrypted data stored in the app’s secure backup system.

Targeted Individuals

Targeted individuals include high-value users such as government officials, military personnel, political figures, journalists, and individuals associated with Ukraine. The attacks are linked to cyber groups operating under the direction of Russian intelligence services.

Attack Methods

Attackers impersonate Signal’s official support team to deceive victims. They send phishing messages claiming that mandatory security updates and two-factor verification are being implemented due to heightened threats from hackers in Iran and other regions. These messages urge users to activate Signal’s Secure Backup feature and generate a Recovery Key.

Data Loss Scenarios

A subsequent stage involves fraudulent communications warning of data loss due to synchronization errors, prompting victims to share their Recovery Keys. Once obtained, attackers can restore the encrypted backups on their devices, granting access to private and group conversations.

FBI Recommendations

The FBI has emphasized that creating a new Signal account with the same phone number does not invalidate previously compromised Recovery Keys. Users must generate a new key through the app’s backup settings to ensure future backups are secure. However, if attackers already possess an old key, they can still access data from prior backups.

Cybersecurity Expert Advice

Cybersecurity experts stress that no legitimate organization or service will request users to share Recovery Keys, OTPs, PINs, or verification codes via chat, SMS, or messaging platforms. Disclosing such credentials risks exposing sensitive information, including private communications and confidential documents.

User Actions

Users are advised to verify all security-related messages through official channels before taking action. Additionally, cybersecurity professionals recommend that users never share Backup Recovery Keys or other authentication credentials under any circumstances. Suspicious activities should be reported immediately to the platform’s official support teams and relevant cybercrime authorities to mitigate potential data breaches.

Conclusion

The advisory underscores the growing reliance on social engineering tactics by cybercriminals, who exploit human trust rather than technical vulnerabilities. Experts urge users to remain vigilant and adhere to strict security protocols when interacting with digital services.

“No legitimate organization or service will request users to share Recovery Keys, OTPs, PINs, or verification codes via chat, SMS, or messaging platforms.”