
Signal Phishing and Russian Intelligence Targeting Messaging Apps
Show notes
Russian intelligence services are targeting Signal, WhatsApp, and Telegram users — not by breaking encryption, but by stealing accounts through phishing, QR code tricks, linked-device abuse, and backup recovery key theft. Tom and Kevin break down the FBI warning, the $10 million Rewards for Justice bounty, and the practical security lesson for anyone relying on encrypted messaging: your app can be secure while your account, endpoint, or recovery path is still the weak link.
They also discuss why QR-code phishing and linked-device abuse can bypass what users expect from encrypted messaging, why endpoint and account recovery hygiene matter as much as encrypted transport, what to do when "support" asks for recovery keys or codes, and Tom's personal career update joining Secure Ideas as Executive Director of Consulting.
Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.
** Links mentioned on the show **
FBI IC3 PSA — Russian Intelligence Services Continue to Target Commercial Messaging Applications https://www.ic3.gov/PSA/2026/PSA260626
The Hacker News — FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html
Infosecurity Magazine — FBI Sounds Alarm Over Russian Intelligence Signal Phishing https://www.infosecurity-magazine.com/news/fbi-alarm-russian-intelligence/
Rewards for Justice — UNC5792 https://rewardsforjustice.net/rewards/unc5792/
SecurityWeek — US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve https://www.securityweek.com/us-offers-10-million-bounty-for-russian-state-hackers-as-messaging-app-attacks-evolve/
** Watch this episode on YouTube **
** Become a Shared Security Supporter **
Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel's membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join
** Thank you to our sponsors! **
SLNT
Visit https://slnt.com to check out SLNT's amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code "sharedsecurity".
** Subscribe and follow the podcast **
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact