CISA, FBI update Russian messaging-app phishing PSA
For contractors and assessors, the useful part is not the warning label, but the refreshed indicators and message samples.
TL;DR
CISA and the Federal Bureau of Investigation updated their public service announcement on Russian Intelligence Services phishing campaigns against commercial messaging applications. The update adds recent tactics, recommended mitigations and phishing-message samples to March 2026 guidance. Executives, C3PAOs, contractors and managed service providers should refresh user guidance and threat indicators tied to credential compromise.
CISA and the Federal Bureau of Investigation issued a routine but useful update on Russian Intelligence Services phishing campaigns targeting commercial messaging applications. The new public service announcement builds on March 2026 guidance and adds recent tactics, recommended mitigations and phishing-message samples. The operational audience is straightforward: executives, Cybersecurity Maturity Model Certification Third Party Assessment Organizations, contractors and managed service providers that rely on commercial messaging platforms should review the updated indicators and countermeasures, then push the relevant examples into security awareness, help desk triage and account-compromise playbooks. The source notice does not specify which new platforms or tactics materially differ from the March PSA, so teams should treat the update as an indicator refresh rather than a new compliance obligation.
Published ·Deep Fathom