Government officials have also been targeted by China, the Russian Federal Security Service (FSB) \u2013 which hacked the encrypted emails of a former head of MI6<\/a> \u2013 and Iran\u2019s Islamic Revolutionary Guard Corps (IRGC).<\/p>\n The NCSC\u2019s alert follows warnings from Google\u2019s Threat Intelligence Group<\/a> in February that Russian state-backed groups were making increasing efforts to target the Signal accounts of people of interest to the Russian intelligence services.<\/p>\n Hacking groups were using social engineering techniques to trick high-risk individuals into linking their Signal, or other messaging accounts to devices controlled by the hackers, allowing them to read messages sent and received by the target.<\/p>\n Techniques include attempts to trick victims into sharing login or account recovery codes, to persuade people to join group chats, to impersonate someone known to the victim, or to send malicious links or QR codes.<\/p>\n Journalists targeted<\/p>\n Journalists working on sensitive stories using the Signal messaging services were targeted with phishing messages in late January.<\/p>\n Stefania Maurizi, an Italian investigative journalist, told Computer Weekly that she had been working on investigations into the activities of US Immigration and Customs Enforcement<\/a> (ICE), the Israel Defence Forces and Italian police when she received a phishing message purporting to be an update to Signal.<\/p>\n \u201cSince I have worked on WikiLeaks for over a decade and on the Snowden files, I became acutely aware of how journalists are a target,\u201d she said. Checks revealed there was no Signal update available for her phone.<\/p>\n Maurizi was sent a second phishing message a few days later on a second phone purporting to come from the \u201cSignal security support chatbot<\/a>\u201d, a non-existent service.<\/p>\n Phishing message received by Stefania Maurizi<\/p>\n Russian attackers have exploited Signal\u2019s \u201clinked devices\u201d feature that enables Signal to be used on multiple devices simultaneously by sending the victim malicious QR codes masquerading as legitimate Signal messages.<\/p>\n If the attacks are successful, future messages will be sent simultaneously to the victim and to the hacker, allowing the hacker to eavesdrop on secure conversations without having to compromise the victim\u2019s device.<\/p>\n The NCSC advises people at risk<\/a> not to share sensitive information through messaging apps, which may be difficult for some users, to use two-step authentication in Signal, and passkeys.<\/p>\n It recommends regularly checking in settings for devices linked to a messaging account, reviewing membership of discussion groups and removing or verifying any unrecognised participants and the use of disappearing messages.<\/p>\n FSB hacked Brexit supporters<\/p>\n Computer Weekly revealed in 2022<\/a> that a Russian FSB-linked hacking group, known variously as Coldriver, Seaborgium, Callisto and Star Blizzard<\/a>, hacked and leaked emails and documents belonging to a former head of MI6<\/a>, and other members of a right-wing network campaigning for an extreme hard Brexit. The hacking group also conducted attacks against journalists, MPs and an NGO<\/a> in the UK.<\/p>\n Academics from the universities of Bristol, Cambridge and Edinburgh, including the\u00a0late\u00a0Ross Anderson<\/a>, professor of security engineering, first published researched in 2023 warning that linked desktop versions of Signal and WhatsApp could be compromised if accessed by a border guard or a malicious actor, enabling them to read all future messages.<\/p>\n![](\"https:\/\/www.newsbeep.com\/il\/wp-content\/uploads\/2026\/04\/Signal-Phishing-Message_half_column_mobile.png\")
<\/p>\n