Seasons
Leaderboard
News
Learn
Research
Ranking
Ecosystem
Wallet

Russian Hackers Found A Signal Weak Spot In Recovery Keys

profile-alexey-bondarev
Alexey Bondarev1 hour ago
#Signal#Hackers#FBI#Russia
Russian Hackers Found A Signal Weak Spot In Recovery Keys

FBI and CISA warn that Russian hackers are phishing Signal users for backup recovery keys that can unlock message archives.

Key Points:

  • Russian intelligence-linked hackers are seeking Signal backup recovery keys, not only codes or PINs.
  • A stolen key can let attackers restore backups, read private and group chats, and keep access tied to the same number.
  • The campaign abuses social engineering and legitimate features, not Signal’s encryption.

Signal Hackers

The updated advisory, published Jun. 26, says Russian Intelligence Services-linked actors are posing as automated support accounts to push targets into exposing Signal recovery keys.

The notice identifies UNC5792 and UNC4221, names absent from the March warning, and links the activity to Russian intelligence groups, including FSB officers embedded with FSB Border Guards.

The campaign targets people the agencies describe as being of “high intelligence value,” including current and former U.S. and international officials, military personnel, political figures, journalists and officials in Ukraine.

Earlier versions asked targets for verification codes and account PINs, or used fake group invite links to connect an attacker’s device to the account.

The newer version tells users to enable Signal backups, open the recovery key screen and paste the key into the chat.

Also Read: Claude Fable 5 May Return As Washington Softens Anthropic Standoff

FBI Warning

The FBI said one sample message was framed as a mandatory two-factor authentication rollout, while another claimed urgent data recovery was needed to prevent message loss.

If a target shares the key, attackers can restore the backup, read private and group message history, and take over the account. The key can remain valid after the victim changes phones or creates a new account using the same number.

Generating a new key in Signal settings invalidates the old one for future backup downloads, but it does not undo any backup already accessed.

The tactic does not defeat Signal encryption or the app itself. It works because victims are persuaded to hand over credentials that protect their backups.

The State Department Rewards for Justice program is offering up to $10 million for information on UNC5792.

Google Threat Intelligence Group documented UNC5792 abusing Signal’s linked-device feature in early 2025, before researchers saw similar tradecraft aimed at WhatsApp and Telegram.

Read Next: PUMP Gains 12% While Protocol Data Warns The Rebound May Be Fragile

Disclaimer and Risk Warning: The information provided in this article is for educational and informational purposes only and is based on the author's opinion. It does not constitute financial, investment, legal, or tax advice. Cryptocurrency assets are highly volatile and subject to high risk, including the risk of losing all or a substantial amount of your investment. Trading or holding crypto assets may not be suitable for all investors. The views expressed in this article are solely those of the author(s) and do not represent the official policy or position of Yellow, its founders, or its executives. Always conduct your own thorough research (D.Y.O.R.) and consult a licensed financial professional before making any investment decision.
Latest News
Show All News
Europe Wants To Host Anthropic After U.S. Curbs Expose Its AI Weak Spot
7 minutes ago
Austria has urged Brussels to consider bringing Anthropic into Europe after U.S. restrictions cut off foreign access to the company’s top AI models. Key Points: Austria asked the European Commission
Bitget Blocked 150M Cyber Attacks In One Year, New Report Reveals
53 minutes ago
Bitget intercepted more than 150 million malicious requests over the past year, the crypto exchange said in a new fraud report built with security firm SlowMist. Bitget Reports Fraud Surge The excha
Claude Fable 5 May Return As Washington Softens Anthropic Standoff
3 hours ago
Anthropic may regain access to Claude Fable 5 within days, according to a report that says the White House is easing its AI restrictions. Key Points: Claude Fable 5 could reportedly return this comi
Related News
Suspected US-Origin iPhone Exploit Kit Reached Russian Spies And Chinese Crypto Thieves, Google Warns
Mar 04, 2026
Google's Threat Intelligence Group published research detailing a sophisticated iOS exploit framework called Coruna - containing 23 vulnerabilities ac
How Crypto Hides The Spies Buying America's Most Sensitive Files
Jun 25, 2026
Foreign intelligence services are paying recruited U.S. insiders in cryptocurrency to mask the source of funds while extracting sensitive government i
Attackers Deploy Sophisticated Phishing Operation To Steal MetaMask Users' Recovery Phrases
Jan 05, 2026
A phishing operation targeting MetaMask users has emerged using fake two-factor authentication alerts to steal wallet recovery phrases. The attack exp
Signal Chief Says AI Assistants Want The Keys To Your Private Life
Jun 21, 2026
Signal President Meredith Whittaker warned that users should not treat AI chatbots as friends, confidants or conscious partners in private conversatio
Crypto-Stealing Malware Found in Mobile App Store SDKs, Warns Kaspersky
Feb 05, 2025
Kaspersky Labs has identified a sophisticated malware campaign targeting cryptocurrency users through malicious software development kits embedded in
Related Research Articles
Web3's Security Crisis In 2026: Why The Biggest Hacks Are No Longer Just Smart-Contract Bugs
Apr 10, 2026
The crypto industry lost a record $3.4 billion to hacks in 2025, yet the defining story is not about buggy Solidity code. It is about compromised deve
Crypto Fraud in 2025 Hits Record Highs: From YouTube Deepfakes to Pig Butchering Scams
Jul 25, 2025
In 2025, cryptocurrency scams have escalated to unprecedented levels of sophistication and scale. As digital asset markets surged to new highs, frauds
Biggest Crypto Exploits Of 2025–2026: What Really Went Wrong
Mar 23, 2026
Crypto hacks in 2025 and early 2026 exceeded every prior annual record by dollar value, with losses reaching as high as $3.4 billion across a landscap
The Hidden Economics Of Memecoin Giveaway Farming
Mar 25, 2026
Somewhere in a reply thread underneath a cryptocurrency influencer's latest post, thousands of Solana (SOL) wallet addresses sit stacked like lottery
Lazarus And The Kelp Hack: How North Korea’s Crypto Heist Machine Keeps Evolving
Apr 21, 2026
On Saturday, Apr. 18, a cross-chain bridge run by Kelp DAO quietly bled 116,500 rsETH. By Monday, LayerZero had a name for the attackers. Not a new on
Related Learn Articles
Social Engineering Attacks in Crypto: 10 Proven Tips to Keep Your Digital Assets Safe
May 13, 2025
Social engineering has emerged as the predominant threat vector in the cryptocurrency ecosystem, exploiting human psychology rather than technical vul
Protect Your Crypto Exchange Account: Advanced Security Strategies Explained
May 19, 2025
Social engineering has become the leading threat in the cryptocurrency ecosystem, targeting human behavior instead of technical flaws to breach securi
Web3 Messaging Revolution: Jack Dorsey's Bitchat Blockchain Alternative to WhatsApp
Aug 19, 2025
Jack Dorsey's latest venture into decentralized communication represents the most radical departure yet from traditional internet-based messaging syst
Protect Your Ledger Wallet: How to Spot and Avoid the Latest Scam
May 01, 2025
In recent news, Ledger hardware wallet users have been thrust into the spotlight once more - this time by fraudsters employing an ingenious, yet alarm
7 Warning Signs Of Crypto Fraud That The $17B Scam Industry Hopes You Miss
Mar 16, 2026
Cryptocurrency scammers stole an estimated $17 billion in 2025, according to Chainalysis, while the FBI recorded $9.3 billion in reported U.S. losses