FBI Director Kash Patel said Friday that the bureau has identified a Russian intelligence campaign targeting users of commercial messaging applications to access high-value accounts.
The campaign has resulted in unauthorized access to thousands of individual accounts globally, Patel said, with targets including current and former US government officials, military personnel, political figures and journalists.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that Russian intelligence actors had compromised individual accounts but had not broken the encryption of the applications themselves.
The attack works through phishing messages disguised as automated support notifications from the platforms. Targets are tricked into clicking links or handing over verification codes or account PINs, which either adds the attacker's device as a linked device or gives them full control of the account.
“After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity," said Patel.
He stressed that the vulnerability lay with users rather than the apps, urging the public to take protective action.
The FBI and CISA urged users to pause and disengage if a message feels suspicious, never share verification codes or PINs for actions they did not initiate, and scrutinize links before clicking.
They also recommended regularly checking group chat participant lists for duplicate or fake accounts, enabling message expiration features and reporting suspected phishing to the FBI.