The hackers are not breaking end-to-end encryption — they are bypassing it entirely through social engineering. The scheme involves: Hackers posing as Signal help personnel Sending phishing messages that invite targets to click a link Requesting verification codes or account PINs Once compromised, attackers can view messages, contact lists, send messages, and phish additional accounts The FBI and CISA emphasized that while the current campaign primarily targets Signal, "similar methods can be applied against other CMAs (commercial messaging applications)."

FBI and CISA Warn Russian Hackers Are Targeting Signal and WhatsApp Users Globally

By Jaspal March 21, 2026 Updated: March 21, 2026

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement warning that hackers tied to Russian intelligence services have compromised thousands of users' messaging apps through a global phishing campaign targeting Signal, WhatsApp, and other commercial messaging applications.

Who Is Being Targeted

The campaign is specifically going after high-value targets: current and former U.S. government officials, political figures, military personnel, and journalists. The hackers are using social engineering tactics to gain access to accounts rather than breaking the apps' encryption.

The U.S. alert follows earlier warnings from Dutch authorities last week and German authorities in February, all pointing to a "large-scale global attempt" by Russian hackers to take over messaging accounts.

How the Attack Works

The hackers are not breaking end-to-end encryption — they are bypassing it entirely through social engineering. The scheme involves:

Hackers posing as Signal help personnel
Sending phishing messages that invite targets to click a link
Requesting verification codes or account PINs
Once compromised, attackers can view messages, contact lists, send messages, and phish additional accounts

The FBI and CISA emphasized that while the current campaign primarily targets Signal, "similar methods can be applied against other CMAs (commercial messaging applications)."

A Growing Pattern

This is far from an isolated incident. Google's Threat Intelligence Group previously highlighted Russian attempts to target Signal users specifically in Ukraine, warning that "the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions."

CISA also warned in November about spyware targeting messaging apps, suggesting a broader trend of state-sponsored actors focusing on encrypted communications platforms.

The Bottom Line

The irony is thick: the apps people choose specifically for security are now the top targets for intelligence agencies. But the real lesson here isn't that Signal or WhatsApp are insecure — their encryption remains unbroken. The weakest link is still humans. Russian hackers didn't need zero-day exploits or quantum computers. They just needed to ask nicely for your verification code. If you get a message from "Signal Support" asking you to verify your account, that is not Signal. That is Russia.