:

RUSSIAN HACKERS TARGET SIGNAL BACKUP KEYS

SECURITY DESK1 MIN READ
FRI, JUN 26, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

The FBI and CISA warn of an evolving phishing campaign tied to Russian intelligence services targeting Signal users to steal backup recovery keys. Attackers can use these keys to access victims' encrypted message history.

Russian-linked threat actors have escalated their campaign against Signal users by focusing on stealing Signal Backup Recovery Keys through phishing attacks. These keys grant access to encrypted message archives, exposing sensitive communications even when the app itself remains secure. The FBI and Cybersecurity and Infrastructure Agency (CISA) issued the warning as the campaign evolved from initial reconnaissance. Phishing emails are designed to trick users into revealing their recovery credentials. Signal's backup feature encrypts messages locally before storing them, but possession of the recovery key allows decryption. Users are advised to guard recovery keys as closely as passwords and enable additional authentication protections. The campaign reflects a shift in tactics by state-sponsored actors targeting encrypted messaging platforms. Instead of breaking encryption, adversaries now pursue user credentials to bypass security layers directly. Organizations and individuals using Signal for sensitive communications should review their backup security settings immediately.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.

11H AGOIndustry Desk

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

17H AGOSecurity Desk

A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.

18H AGOSecurity Desk

Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.

23H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.