FBI: Russian hackers now target Signal backup recovery keys
The FBI and CISA have issued an updated advisory warning that Russian Intelligence Services (RIS) — tracked as UNC5792 and UNC4221 — have evolved their Signal phishing campaign to now target Signal Backup Recovery Keys. Attackers impersonate Signal support, sending fake messages claiming mandatory two-factor verification is being introduced, then trick victims into copying and sharing their backup recovery key. With this key, attackers can restore a victim's full message history on their own devices. High-value targets include US and international government officials, military personnel, journalists, and Ukrainian officials. Critically, creating a new Signal account with the same phone number does not invalidate a stolen recovery key — users must manually generate a new key in backup settings, though this won't protect backups already downloaded by attackers.