As part of a pair of advisory reports issued Friday, federal authorities outlined a pattern of foreign cyber activity that is increasingly exploiting the trust users place in everyday communication tools as a means of infiltration.
According to the FBI, as well as the Cybersecurity and Infrastructure Security Agency, Russian and Iranian intelligence-linked actors are utilizing widely-used messaging platforms for the purpose of infiltrating sensitive networks, particularly Signal.
It is not merely opportunistic, but is also carefully planned, with a focus on individuals who are in a position to influence government, defense, media, and public affairs. These operations typically imitate routine system notifications and support alerts to trick victims into providing access credentials under the guise of urgent account actions resulting in the unauthorized accessing of thousands of accounts.
As a result, social engineering tactics are being increasingly employed, which rely less on technical exploits and more on eroding trust among users in otherwise secure environments online.
On the basis of these findings, the FBI has issued a public service announcement explicitly identifying Russian intelligence services as the source of ongoing phishing activity, which is an unusual step, as it departs from earlier advisories that generally refer to state-sponsored threats in a broader sense.
These operations are designed in a manner to circumvent the security assurances offered by end-to-end encrypted commercial messaging applications, rather than by compromising cryptographic integrity, but by systematically hijacking user accounts.
Attackers are able to acquire persistent access without defeating the underlying encryption protocols by exploiting authentication workflows and manipulating users into divulging verification codes or account credentials.
Although the tradecraft can be used across a wide range of messaging platforms, investigators note that Signal is a prominent target due to the combination of perceived security and high-value users. When a threat actor enters an account, they will have access to private communications, contact networks, impersonation of trusted identities, and the propagation of further phishing campaigns.
Based on the FBI’s estimate that thousands of accounts have already been impacted, the scope of the activity underscores a deliberate focus on individuals with access to sensitive or influential information. Each successful compromise increases both the intelligence value and downstream operational risk.
During his presentation to the FBI, Director Kash Patel explained that the operation targeted individuals of high intelligence value. This campaign has already been confirmed to have affected thousands of accounts worldwide, including current and former government officials, military personnel, political actors, and media members.
It is important to emphasize that the intrusion set does not exploit flaws in the encryption architecture of commercial messaging platforms but instead uses sophisticated phishing techniques to compromise user authentication.
The method typically involves the delivery of convincingly crafted alerts warning of suspicious login activity or unauthorized access attempts to recipients, which prompt
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: