The FBI and CISA have updated their warning about a phishing campaign linked to Russian intelligence services, which now targets Signal Backup Recovery Keys. The attackers coax targets into handing over the key, which allows them to restore the account's backup and read private and group message history.

This escalation in tactics enables persistent account takeover, as the key continues to work after initial compromise. The warning follows earlier advisories about Russian intelligence phishing Signal accounts, with this new step significantly increasing the severity of the threat.

The attack vector is social engineering: targets are tricked into providing their Backup Recovery Key. Once they have it, attackers can restore the backup on their own device, gaining full access to past conversations and ongoing messages without triggering typical security alerts.

Users are advised to enable Registration Lock within Signal's privacy settings, which prevents account restoration without the PIN. The agencies have not detailed any other mitigations. Users should also be vigilant against phishing attempts requesting recovery keys.

The campaign has been attributed to Russian intelligence services, though no specific group has been named. This development underscores the growing sophistication of targeted cyber operations against secure communication platforms.