Russian Spies Are Secretly Hijacking Your Encrypted Phone Calls

By 813 Staff


Breaking from the tech world: Russian Spies Are Secretly Hijacking Your Encrypted Phone Calls, as reported by The Hacker News (@TheHackersNews) on March 21, 2026.

Source: https://x.com/TheHackersNews/status/2035345975544521063

The attack vector is not a break of the apps' encryption, whether of calls or of messages, but a multi-stage social engineering campaign that begins with a compromised personal email account. According to a joint advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), Russian intelligence operatives affiliated with APT29, also known as Cozy Bear, mine a target's breached mailbox for personal details and then use them to impersonate trusted contacts on encrypted messaging platforms. The operation, detailed in a technical alert published Thursday and first reported by @TheHackersNews, uses the stolen details to craft convincing messages on Signal or WhatsApp, often referencing real events or shared contacts so the approach passes a casual plausibility check. Once the target engages, the actors send a malicious link, typically disguised as an invitation to a secure document or a follow-up conversation on another platform, that deploys malware and gives them long-term access to the victim's device.

Internal documents show the campaign, active since at least late 2025, is highly targeted, focusing on individuals in government, policy think tanks, and the defense industrial base. Engineers close to the project say the technical execution is methodical and relies on the target's own comfort with end-to-end encryption as a false sense of security. The attackers are not breaking Signal's or WhatsApp's protocols; they are subverting the human element and exploiting the trust these platforms have earned. That makes the tactic hard for defenders to counter: the messaging layer itself leaves no cryptographic fingerprint to detect (the payload delivered by the link is still the usual host-level evidence), and the chain blurs the line between a personal and a professional compromise.

This matters because it represents a strategic shift. For years, security professionals have advocated encrypted messaging as the gold standard for private communication. This campaign turns that strength into a vulnerability: the assurance of privacy makes the malicious contact look more legitimate, and a recipient is far more likely to let their guard down when a message arrives over a trusted, encrypted channel from what appears to be a known associate. The practical consequence for individuals handling sensitive information is that a contact's presence on one of these apps, or even a previously verified identity, can no longer be treated as proof of who is at the other end; a key or safety-number check still catches an impostor on a new account, but not a message sent from a contact's own compromised account.

What happens next is a significant recalibration of operational security practice. The CISA/FBI advisory includes strict mitigation guidance, urging organizations to require in-person or out-of-band verification (a call or channel the attacker does not control) before acting on any sensitive request initiated through these apps, and to treat unsolicited links and requests to move the conversation to another platform as red flags. The open question is whether the private sector can educate its staff and enforce these behavioral changes at scale. Part of the burden also falls on the platform developers to devise contact verification that holds up against high-fidelity impersonation, a problem that sits at the intersection of security and usability. Expect internal security memos across Capitol Hill and Fortune 500 companies to be updated within the week with explicit procedures for validating encrypted messages.
