Russian Intelligence targets American messaging app users, FBI says
on Google
Hackers linked to Russian intelligence have been targeting messaging app accounts of high-profile U.S. users, FBI Director Kash Patel said on March 20.
Patel said that the FBI identified the cyber actors responsible for the campaign, which aimed at "individuals of high intelligence value," such as current and former U.S. government officials, military personnel, political figures, and journalists.
"Globally, this effort has resulted in unauthorized access to thousands of individual accounts. After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity," Patel wrote on X.
The @FBI has identified cyber actors associated with Russian Intelligence Services targeting users of commercial messaging applications, including Signal.
— FBI Director Kash Patel (@FBIDirectorKash) March 20, 2026
The campaign targets individuals of high intelligence value, including current and former U.S. government officials,…
Patel named Signal as one of the apps in question. In 2024, Russia's communications regulator, Roskomnadzor, announced the blocking of Signal.
Russia blocked several foreign social networks and messenger apps, referring to companies' alleged violations of Russian law.
Previously, on March 9, Russian hackers launched a global cyber campaign targeting WhatsApp and Signal accounts, according to Dutch intelligence agencies.
"Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants," the Netherlands' General Intelligence and Security Service (AIVD) said in a statement.
Dutch intelligence agencies said the campaign targeted government employees and may also be aimed at other persons of interest to the Russian government, including journalists.
The attackers reportedly used phishing tactics to persuade users in chats to disclose security verification codes and passcodes, allowing them to access personal accounts and group chats.
"The Russian hackers have likely gained access to sensitive information," AIVD and the Dutch Military Intelligence and Security Service (MIVD) said in a joint statement.
Signal acknowledged the reports in a social media post, saying it was aware of targeted phishing attacks that have led to some account takeovers.
Since Russia's full-scale invasion of Ukraine, however, the country's cyber activities have increasingly shifted toward more disruptive and destructive operations targeting Ukraine's Western allies.
Cyberattacks have become a central element of Russia's hybrid warfare strategy. European governments have repeatedly accused Moscow of escalating cyber operations, including attacks on Ukrainian systems, breaches of civilian infrastructure in Europe, and attempts to interfere in foreign elections.
