🟠 High  |  Source: The Hacker News


Russian intelligence operatives have evolved their Signal phishing campaign to specifically target users’ Backup Recovery Keys. The Backup Recovery Key is a static credential that grants full access to message history and account control. Unlike a password, which can be reset, the key remains valid indefinitely once compromised, giving attackers persistent, silent access. The FBI and CISA have updated their advisory to reflect this escalated tactic.

Security Architect’s Take: Advise staff and privileged users to treat Signal Backup Recovery Keys with the same sensitivity as MFA seed phrases — never share them and store them offline in a secrets manager or physical safe. Consider issuing guidance that no legitimate service or authority will ever request this key, and review whether Signal is approved for handling sensitive organisational communications given this persistent credential risk.

Original advisory: FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys