:

RUSSIAN HACKERS TARGET SIGNAL BACKUP KEYS

SECURITY DESK1 MIN READ
FRI, JUN 26, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

The FBI and CISA warn of an evolving phishing campaign tied to Russian intelligence services targeting Signal users to steal backup recovery keys. Attackers can use these keys to access victims' encrypted message history.

Russian-linked threat actors have escalated their campaign against Signal users by focusing on stealing Signal Backup Recovery Keys through phishing attacks. These keys grant access to encrypted message archives, exposing sensitive communications even when the app itself remains secure. The FBI and Cybersecurity and Infrastructure Agency (CISA) issued the warning as the campaign evolved from initial reconnaissance. Phishing emails are designed to trick users into revealing their recovery credentials. Signal's backup feature encrypts messages locally before storing them, but possession of the recovery key allows decryption. Users are advised to guard recovery keys as closely as passwords and enable additional authentication protections. The campaign reflects a shift in tactics by state-sponsored actors targeting encrypted messaging platforms. Instead of breaking encryption, adversaries now pursue user credentials to bypass security layers directly. Organizations and individuals using Signal for sensitive communications should review their backup security settings immediately.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Organizations can enforce robust Active Directory password security without sacrificing usability. Specops Software outlines practical approaches combining passphrases, breach detection, and self-service tools.

JUST NOWDev Desk

Elon Musk's xAI has filed its first lawsuit against a Grok user accused of generating child sexual abuse material (CSAM) using the AI chatbot. The legal action marks a shift in how the company is addressing the issue.

3H AGOAI Desk

US Homeland Security Investigations seized over 30,000 SIM cards across the country in June and July. The agency claims the operation dismantled infrastructure used in telephone fraud schemes.

3H AGOAI Desk

Advanced Russian threat actors have adopted Clickfix, a social-engineering technique previously favored by financially motivated cybercriminals, according to recent security findings.

3H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.