WASHINGTON, D.C. — The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a new Public Service Announcement warning that cyber threat actors associated with Russian intelligence services continue targeting users of commercial messaging applications through increasingly sophisticated phishing campaigns designed to steal sensitive account information.
The alert, designated I-062626-PSA, expands on an earlier advisory issued in March 2026 and provides updated guidance as investigators continue tracking the evolving campaign.
According to the FBI and CISA, multiple clusters of cyber threat actors linked to Russian Intelligence Services (RIS) have been conducting phishing operations aimed at individuals considered to have intelligence value. The targets reportedly include current and former government officials, military personnel, political figures, journalists, and key officials associated with Ukraine.
Federal authorities stated that the campaign does not involve breaking the encryption used by commercial messaging applications. Instead, investigators say the attackers focus on compromising individual user accounts by manipulating victims into voluntarily providing sensitive authentication information.
According to the advisory, the attackers commonly impersonate legitimate customer support representatives for messaging platforms. Victims receive convincing phishing messages claiming there is a problem with their account or backup configuration and are instructed to provide verification codes or backup recovery keys.
Once those credentials are surrendered, investigators warn the attackers can gain access to account data, including historical messages, private and group conversations, media, and other information contained within the account’s message backup.
The advisory notes that even if a victim creates a new account using the same phone number after a compromise, previously disclosed backup recovery keys may still remain valid. To mitigate the continuing risk, users should generate a new backup recovery key through the application’s security settings, which invalidates the previously compromised key for future backup downloads.
Federal authorities cautioned that generating a new recovery key cannot remove any account backup the threat actor may have already downloaded before the key was replaced.
Federal investigators have publicly tracked portions of the activity under the cybersecurity designations UNC5792 and UNC4221.
How the Phishing Scheme Works
According to the FBI and CISA, the phishing messages are designed to closely resemble legitimate communications from messaging application support teams.
The advisory includes examples of fraudulent messages that falsely claim:
- A user’s account is at risk.
- A backup synchronization issue requires immediate action.
- Verification codes or backup recovery keys must be provided.
- Support staff need account credentials to restore messages or media.
Authorities emphasize that legitimate messaging platform support services do not request verification codes or backup recovery keys through chat messages or email.
Security Recommendations
The FBI and CISA recommend that organizations and individual users:
- Verify that support communications originate from official company email addresses or authenticated support channels.
- Never provide verification codes to anyone claiming to represent customer support.
- Never share backup recovery keys with another individual.
- Ignore messages requesting account recovery information through chat applications.
- Review account security settings and regenerate backup recovery keys if compromise is suspected.
- Closely monitor messaging accounts for unusual activity or unauthorized logins.
Organizations are also encouraged to educate employees about social engineering tactics, particularly those working in government, defense, journalism, critical infrastructure, and other sectors frequently targeted by nation-state cyber actors.
Reporting Suspicious Activity
Individuals who believe they may have been targeted or compromised are encouraged to report the incident to:
- The FBI Internet Crime Complaint Center (IC3)
- Their local FBI field office
- CISA through established incident reporting channels
Federal officials stressed that rapid reporting can help investigators identify ongoing campaigns, warn additional potential victims, and limit the effectiveness of coordinated cyber operations.
The advisory serves as another reminder that modern cyber espionage increasingly relies on manipulating people rather than defeating encryption. By convincing users to surrender legitimate credentials, attackers can bypass sophisticated security protections without ever breaking the underlying technology.
Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency, Public Service Announcement I-062626-PSA, June 26, 2026.
🔥 NOW AVAILABLE! 🔥
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 2 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.
🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
