The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a joint warning on March 20 about the activities of hackers allegedly linked to Russian intelligence services. According to the agencies, the attackers hacked thousands of accounts in messengers, primarily in Signal. The main targets are current and former American officials, military personnel, politicians, and journalists. A similar warning was issued in early March by Dutch intelligence, which pointed to a global campaign to gain access to Signal and WhatsApp accounts.
Method of attack on Signal: social engineering instead of hacking encryption
Hackers are not attacking Signal's encryption itself — it is claimed that it has not been compromised. They impersonate security services and use phishing to force users to reveal access codes to their accounts. Signal described such attacks as "sophisticated phishing campaigns" and emphasized that the messenger's infrastructure was not affected.
A separate threat is created by linking Signal to a computer. In this case, the data is stored outside the protected space of the smartphone and becomes vulnerable to malware attacks — this was pointed out by former NSA hacker Jacob Williams. This configuration was used by a number of American officials in the "SignalGate" scandal of 2025, when details of a military operation were discussed in Signal by participants located abroad.
Why Signal is vulnerable despite encryption
Signal uses end-to-end encryption by default, collects minimal data, and supports automatic message deletion. This is why the messenger is popular among American officials and journalists. However, the messenger does not have official government certification for the transmission of classified data in the United States.
The vulnerability arises not at the protocol level, but at the device and user level. A hacked smartphone or computer opens access to messages before they are encrypted. Phishing allows you to obtain confirmation codes for linking an account to a new device — after that, the attacker reads the correspondence in real time.
The FBI warning identifies a systemic problem: technically protected platforms remain vulnerable through human error. Dutch and American intelligence agencies have recorded a large-scale cyber campaign against Signal and WhatsApp — this means that the attacks are not targeted, but systematic in nature and aimed at creating a sustainable channel for monitoring target groups.
Earlier www1.ru, citing Reuters, reported that Russian hackers learned secret information by hacking the accounts of European officials in WhatsApp.