Mar 23, 2026
Russian Intelligence Is Hijacking Signal and WhatsApp Accounts—The FBI Says Thousands Are Compromised
A global phishing campaign by Russian intelligence operatives is bypassing end-to-end encryption by stealing accounts from the inside, targeting government officials, journalists, and military personnel.
Encryption Is Not the Weak Link—You Are
On March 20, 2026, the FBI and CISA issued a joint public service announcement (PSA I-032026-PSA) warning of an active global phishing campaign by actors linked to Russian Intelligence Services. The campaign targets users of commercial messaging apps, primarily Signal, but the same techniques apply to WhatsApp and Telegram.
The attackers are not breaking encryption. Signal's end-to-end encryption remains mathematically secure. Instead, they are phishing their way into user accounts, then reading every message in real time from the compromised device. Thousands of accounts have already been compromised across multiple countries.
How the Attack Works
The campaign uses fake in-app support messages to manipulate victims. A typical attack begins with a message from what appears to be "Signal Security ChatBot" or a similar official-sounding account. The message claims suspicious activity has been detected on the victim's account and urges them to take immediate action.
Victims are then directed to click a malicious link or scan a QR code, and asked to share their verification PIN or two-factor authentication code. With those credentials, the attackers link their own device to the victim's account or take over the account entirely.
Once inside, the attackers can view all messages and contact lists, send messages as the victim, and, critically, use the compromised account to phish additional targets. This creates a chain reaction: a message from a trusted contact's account is far more convincing than one from an unknown number.
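The traits described above (a support-sounding sender, an urgency claim, a request for a code or PIN, a link or QR code) can be turned into a simple triage check for reported messages. This is an added example, not code from the FBI, CISA, or Signal; the wording lists, weights, threshold, and the `sgnl://linkdevice` URI check are assumptions, and the sample messages are constructed.

```python
import re

# Wording lists are illustrative assumptions built from the traits the article
# describes; they are not an official FBI/CISA or Signal signature set.
# Each check: name -> (weight, field to inspect, pattern).
CHECKS = {
    "support_impersonation": (3, "sender", re.compile(r"support|security|chat\s?bot|help\s?desk", re.I)),
    "urgency_claim": (1, "body", re.compile(r"suspicious activity|unusual activity|immediately|urgent", re.I)),
    "code_or_pin_request": (4, "body", re.compile(r"verification code|two[- ]factor|2fa|\bpin\b", re.I)),
    "link_or_qr": (2, "body", re.compile(r"https?://\S+|\bqr code\b", re.I)),
    # Assumption: a Signal device-linking QR code decodes to this URI scheme.
    "device_link_uri": (5, "body", re.compile(r"sgnl://linkdevice", re.I)),
}
ALERT_THRESHOLD = 5  # hypothetical cut-off for this example


def triage(sender, body, known_contact=False):
    """Score one inbound chat message; return (score, reasons, action)."""
    fields = {"sender": sender, "body": body}
    reasons = [name for name, (_, field, rx) in CHECKS.items() if rx.search(fields[field])]
    score = sum(CHECKS[name][0] for name in reasons)
    if score >= ALERT_THRESHOLD:
        action = "block_and_report"
    elif known_contact and "link_or_qr" in reasons:
        # A hijacked contact is the campaign's relay, so a known sender never
        # lowers the score; confirm by phone or in person instead.
        action = "verify_out_of_band"
    else:
        action = "allow"
    return score, reasons, action


# Constructed sample messages (not taken from real traffic).
SAMPLES = [
    ("Signal Security ChatBot",
     "Suspicious activity detected on your account. Reply with your verification code immediately.",
     False),
    ("Alex (colleague)", "Can you open this? https://example.invalid/doc", True),
    ("Alex (colleague)", "Lunch at noon?", True),
]

if __name__ == "__main__":
    for sender, body, known in SAMPLES:
        print(sender, "->", triage(sender, body, known))
```

Keyword heuristics like this only prioritize reports for a human; they do not replace the out-of-band verification step.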
Who Is Being Targeted
The FBI identified the primary targets as individuals of high intelligence value: current and former U.S. government officials, military personnel, political figures, and journalists. These are people whose private communications could provide strategic intelligence to Russian operatives.
But the campaign is not limited to high-profile targets. The chain-reaction nature of the attack means that once a single account in a social network is compromised, everyone in that person's contact list becomes a potential next victim. Ordinary users connected to targeted individuals are at risk.
This alert follows similar warnings from German authorities earlier in 2026 about state hackers hijacking Signal accounts of politicians and journalists. Google Threat Intelligence noted that these tactics "will grow in prevalence and proliferate to additional threat actors and regions."
Why This Matters Beyond Signal
The campaign highlights a fundamental truth about encrypted messaging: encryption protects the channel, not the endpoints. If an attacker controls one end of the conversation, the encryption between the two devices is irrelevant. This same principle applies to email. Your messages may be encrypted in transit, but if someone gains access to your account, they see everything.
The FBI's alert also applies to WhatsApp and Telegram. The phishing techniques are platform-agnostic. Any messaging service that relies on phone number verification and device linking is vulnerable to the same social engineering approach.
How to Protect Your Messaging Accounts
The FBI and CISA recommend these specific defensive steps:
- Never share verification codes or PINs: Legitimate support services will never ask for these via direct message within the app
- Enable registration lock in Signal: Go to Settings, then Account, then Registration Lock. This prevents anyone from re-registering your number without your PIN
- Review linked devices regularly: In Signal, go to Settings, then Linked Devices. Remove any device you do not recognize
- Ignore unsolicited security alerts within messaging apps: Real security notifications come through the app's official update mechanism, not through chat messages
- Verify unusual requests through a separate channel: If a contact sends an unexpected link or request, call them to confirm before acting
End-to-end encryption remains one of the strongest protections for private communication. But encryption cannot protect you from handing over your own keys. The weakest link in any secure system is the person holding the password, and Russian intelligence is betting on exactly that.