The FBI and the Cybersecurity and Infrastructure Security Agency say senior government officials need to be aware of ongoing phishing campaigns targeting Signal and potentially other commercial messaging applications.
In a March 20 alert, the FBI and CISA said cyber actors associated with Russian Intelligence Services are sending phishing messages through such applications, masquerading as automated support accounts. Individuals who follow the instructions can have their accounts taken over by the attackers.
“This global campaign has resulted in unauthorized access to thousands of individual [commercial messaging application] accounts,” After compromising an account, malicious actors can view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA accounts.
The alert makes clear that the hackers have compromised individual accounts, and not the encryption or applications themselves.
David Wiseman, vice president of secure communications at BlackBerry, argues the campaign shows that people “have become overconfident in the concept of end-to-end encryption.”
“While end to end encryption is very important for protecting the contents of your communication, the larger risk typically is around identity and spoofing of identities, and, finding surreptitious ways to link to people’s accounts,” Wiseman said on Federal News Network. “That’s really what this warning is about.”
AI-generated phishing
While the FBI’s alert didn’t mention artificial intelligence, Wiseman said AI can help hackers tailor sophisticated attacks at a “much broader scale and a much lower cost.”
“Before, everyone would get the same spam email, and now it starts to become very, tailored, particularly when you’re targeting specific individuals, specific agencies, specific functions,” Wiseman said.
Threat actors like Russia’s intelligence services have always been interested in spying on day-to-day communications patterns, in addition to uncovering the contents of messages themselves.
But the near-instantaneous nature of today’s communications culture means intelligence agents can “direct someone’s behavior much more effectively,” Wiseman said.
“Whether that’s now an AI-generated message from your boss, a voice message coming in over a channel you feel you’ve got trust in. ‘Hey, this is end to end encrypted. It must be true,’” Wiseman said. “And so I think it’s not only the collection of information, but then actually looking for opportune times to change the behavior that people are going to take, what they’re going to say, what they’re going to do, by feeding them false information.”
Mobile communications challenges
The FBI alert is yet another development in a string of mobile security threats in recent years. The most far reaching threat, by far, has been the emergence of Salt Typhoon, a China-linked hacking group that has infiltrated global telecommunications networks, including in the United States.
The ongoing targeting of mobile networks, devices and applications has shifted intelligence collection from “retrospective” analysis to more real-time applications, Wiseman said.
“What we’ve seen with Salt Typhoon, coupled with the AI processing capabilities and the ability to embed some of those models directly into the networks, is it’s no longer retrospective,” Wiseman said. “It’s in the now.”
Wiseman also predicted the accelerating use of AI capabilities will only add to mobile security challenges that cybersecurity practitioners will have to address in the coming years.
“The next big thing is going to be scandals around people just using regular AI systems through their browsers and all types of sensitive information being spilled out, people getting inaccurate information because it wasn’t a trusted source,” Wiseman said. “Where that’s going to lead over the next couple of years is not only the security of the actual back end of the AI, but the security of how you connect to it, because it can’t always be you’re sitting at your desk. You’re going to have to use these mobile tools to integrate that into your workflow. And the identity is going to be important on both sides. Is it really the right system? The records are going to be important. The ability to make sensitive information available to those models, and trust who’s going to have access to it, is going to be important.”
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
