Russians are posing as Signal support to launch phishing attacks
Summary
Russian intelligence-affiliated groups are impersonating Signal customer support to trick users into revealing account information and conducting phishing attacks. The FBI and CISA issued a joint warning about this emerging threat tactic. This method leverages social engineering to gain access to user accounts on secure messaging platforms.
IFF Assessment
This is bad news for defenders because threat actors are employing new social engineering tactics to compromise secure communication channels.
Defender Context
Defenders should be aware of threat actors impersonating support personnel on communication platforms like Signal. Users need to be educated about verifying support interactions and understanding that legitimate support will not ask for sensitive account details via unsolicited messages.