The FBI and CISA have expanded their warnings about an ongoing campaign targeting Signal users. What started as routine phishing attempts has evolved into a more surgical attack: operators are now specifically extracting backup recovery keys from compromised accounts. Once obtained, these keys provide persistent access to message history, group conversations, and account control—even if the user changes their password.

Why Backup Recovery Keys Are High-Value Targets

Signal's backup recovery key is a 30-character string that protects encrypted backups of your message history. If you've enabled encrypted backups, this key is the only way to restore your conversation archive to a new device. From a security perspective, it occupies an uncomfortable middle ground: it's more persistent than a session token and more powerful than a password.

An attacker holding your backup recovery key can restore your entire message history without needing to intercept traffic or crack encryption. They see what you saw—every private message, every group conversation, every file shared. The key itself doesn't expire or rotate unless you manually generate a new one. This makes it genuinely valuable to intelligence operators who want sustained visibility into a target's communications.

The phishing flow is deliberate and proceeds in stages. Attackers send credential-stealing emails to Signal users, typically masquerading as Signal support or related services. Once they have compromised the account, they persuade the target to hand over the backup recovery key, often by claiming that account verification is needed or that a security check requires it. From there, they can restore the backup and keep access even if the account is later secured.

The Technical Asymmetry of Backup Keys

What makes this attack particularly effective is that backup recovery keys don't follow the same lifecycle as passwords. A compromised password can be reset. Two-factor authentication can be re-enrolled. But a backup recovery key, once stolen, remains valid indefinitely unless the user explicitly rotates it—something most people don't do. The attacker doesn't need to maintain an active login; they simply restore the backup periodically to check for new messages.

This is different from attacks on the messaging service itself. Signal's protocol is sound. The attack doesn't exploit a weakness in end-to-end encryption. Instead, it exploits the human and operational layer: the fact that users store recovery credentials, that phishing remains effective, and that people often don't treat backup keys with the same caution as passwords.

The FBI and CISA warning notes that Russian intelligence operators have been actively running this campaign, which suggests this isn't opportunistic cybercrime but rather a targeted intelligence collection effort. That distinction matters: these operators are willing to invest in social engineering and follow-up, because the intelligence payoff is high enough to justify the effort.

Practical Defence Measures

If you use Signal's encrypted backup feature, the first step is to treat your recovery key like a private key in a cryptocurrency wallet. Don't share it with anyone, ever. Signal support will never ask for it. If someone claiming to be Signal asks for this string, they are not Signal.

Second, be cautious about phishing emails that reference Signal, authentication, or account verification. Attackers often create plausible-looking domains and messaging that mimics official communications. Verify links independently rather than clicking them in emails. Use Signal's official website directly if you need account help.

Third, if you've already shared your recovery key with anyone or suspect your backup key has been compromised, disable encrypted backups, generate a new recovery key from Signal's settings, and enable backups again. This invalidates the old key.

For users working in sensitive contexts—journalists, activists, security researchers—this campaign underscores that encrypted messaging alone isn't sufficient. You also need to secure the operational layer: how you authenticate, how you store credentials, and how you verify the legitimacy of requests.

The Broader Lesson on Infrastructure and Credentials

This attack pattern reflects a broader truth in security: authentication credentials and recovery mechanisms are often the weakest link in an otherwise sound system. Signal's encryption is strong. The problem isn't the encryption; it's the human process around it. A user tricked into handing over a backup key undermines all the cryptographic work that went into the protocol.

For anyone operating infrastructure, hosting services, or applications that handle sensitive data, this is a reminder that user education and credential hygiene matter as much as the underlying security architecture. Multi-factor authentication, recovery codes, and backup keys are powerful tools—and they're equally powerful in an attacker's hands if compromised.