‹ ARCHIVE NB-L070 · .log · 2026·07

Signal's lock held. You were the one who opened it.

Signal's lock held. You were the one who opened it.
NB-L070 .log

The FBI and the top U.S. cybersecurity agency have renewed their warning: Russian intelligence services are talking Signal users into handing over their own backup recovery key. Signal is an encrypted messaging app, and once that key is handed over, the attacker restores the account's backup on another phone and can read the entire history of private and group chats, or take the account over completely.

Notice what did not happen, because that is where the lesson lives. No one broke Signal's encryption. The math that scrambles the messages is still intact; what gave way was the person holding the key.

This shift in target is worth understanding. For years, anyone who wanted to read encrypted conversations had to attack the technology, and the technology held. Now they attack the user, with a conversation that looks harmless. None of this takes genius, it takes patience and a script that sounds real.

How the conversation catches you

The message poses as "Signal support." Earlier waves asked for SMS verification codes and the account PIN. The latest version goes further and walks the victim through it step by step, asking them to turn on backups, open the recovery key, the master password that lets those backups be restored on another device, and paste it right there in the chat.

The cruel detail is how it lingers. According to the advisory, the key keeps working afterward, and creating a new account on the same number does not fix it, the old key can still be used against it. There is only one real way out, generate a new key in the settings, which cancels the old one.

The joint FBI and CISA advisory, updated on 26 June, gives two tracking names to these groups, UNC5792 and UNC4221, and ties the activity to Russia's intelligence services, the FSB and its military branches. The preferred targets are people of high intelligence value: current and former U.S. and international officials, military personnel, political figures, journalists, and Ukrainian officials. This is not a U.S.-only problem, Dutch, French, and German intelligence had already issued the same alert, and Google was first to document the campaign, back in February 2025. The U.S. State Department is even offering up to $10 million for information on one of these groups.

Why this matters even if you are not a target

You might think none of this touches you, that you are not a spy or an investigative journalist. But the script is the same one used against everyone, every day. It is the fake bank calling to ask for the code you just received by SMS, the fake courier email, the "support" that shows up to fix a problem you never had. Change the target and the prize, the move is always the same, getting you to hand over with your own hands what no lock would ever give up on its own.

This is why the belief that "I use an encrypted app, so I am safe" is a dangerous half-truth. Encryption protects the message while it travels, it does not protect you from being talked into opening the door from the inside.

How to protect yourself

The authorities' advice is simple, and it holds for any app, not just Signal:

  • Treat any message from "support" as hostile. Real support does not approach you inside the app to ask for your data.
  • Never paste a key, a code, or a PIN into a chat. Nothing legitimate asks for that, a code you received is yours alone.
  • Check your linked devices. In the settings, look at the list of devices with access to your account and remove anything you do not recognize.
  • If you already handed over the key, generate a new one now. Cancel the old one in the settings and assume the previous backup is compromised.

Signal's lock held, and that is the good news and the bad news at once, because when the technology becomes hard to break, the shortest path to your conversations becomes talking you into opening them yourself.

Sources: The Hacker News, FBI / IC3 (alert I-062626-PSA), Google Threat Intelligence.

#StaySafe
🙏🖖

DOMAIN
BRI assistant

Quer saber sobre um projeto, um serviço ou uma notícia recente? Pergunte. Conheço todo o conteúdo deste site.