FBI Director Kash Patel announced on 20 March that cyber actors linked to Russian intelligence services have been running a campaign to access the private messaging accounts of high-value US targets, including current and former government officials, military personnel, political figures, and journalists.
"Globally, this effort has resulted in unauthorized access to thousands of individual accounts," Patel wrote on X. "After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity."
Signal was named among the targeted applications. The encrypted messaging platform confirmed the reports, saying it was aware of targeted phishing attacks that had led to some account takeovers.
The FBI warning follows a March 9 alert from Dutch intelligence agencies, which said Russian state hackers were running "a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants." The Netherlands' General Intelligence and Security Service (AIVD) and the Dutch Military Intelligence and Security Service (MIVD) said in a joint statement that the attackers had "likely gained access to sensitive information."
According to Dutch intelligence, the method was straightforward: attackers used phishing tactics to persuade users — typically through chats — to hand over security verification codes and passcodes, which then allowed access to personal accounts and group chats. The FBI echoed the point, with Patel noting that "this vulnerability is not with the application — but you as the end user."
The campaign, Dutch agencies said, targeted government employees but may also extend to journalists and others of interest to the Russian government.
The targeting of Signal carries particular context: Russia's communications regulator, Roskomnadzor, blocked the app in 2024, citing alleged violations of Russian law — part of a broader move by Moscow to restrict access to foreign social networks and messaging platforms domestically while, according to Western intelligence, seeking to penetrate them abroad.
Since Russia's full-scale invasion of Ukraine, European governments have repeatedly accused Moscow of escalating cyber operations — including attacks on Ukrainian systems, breaches of civilian infrastructure in Europe, and attempts to interfere in foreign elections. Cyberattacks, according to those governments, have become a central element of Russia's hybrid warfare strategy.
