The FBI and CISA warn that Russian intelligence-linked actors are impersonating messaging-app support accounts to steal Signal backup recovery keys, verification codes, and account PINs. The attacks do not break encryption, but they can expose message backups and keep account-takeover paths alive until users replace compromised keys.