FBI: Russian Intelligence Services Continue to Target Commercial Messaging Applications
"The FBI and CISA are issuing this update to the March 20, 2026, Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves.
The FBI has identified multiple clusters of Russian Intelligence Services (RIS) cyber threat actors responsible for an ongoing commercial messaging application (CMA) phishing campaign against individuals of high intelligence value. Russian Federal Security Service (FSB) officers embedded with the FSB Border Guards and others working on behalf of the Russian military services continue to target current and former U.S. and international government officials, military personnel, political figures, journalists, and key officials located in Ukraine. RIS cyber threat actors have compromised individual CMA accounts, but not the CMA's encryption or the application itself. To date, this activity has been publicly tracked as UNC5792 and UNC4221.
RIS cyber threat actors continue to masquerade as automated CMA support accounts in updated phishing messages but have evolved their tactics to attempt to elicit victims' Backup Recovery Keys. RIS cyber threat actors continue to elicit victims' verification codes and account PINs (see Figure 1). If a targeted user backs up their CMA messages as directed in Figure 1 and later provides their Backup Recovery Key (see Figure 2), RIS cyber threat actors can view the account's historical messages, private and group messages, and take over the victim's account."