Key Findings Attackers are conducting a coordinated phishing campaign targeting Signal users by impersonating Signal Support via text messages The campaign specifically seeks backup recovery keys, which decrypt entire message archives stored on Signal's servers, not just future communications Journalists, activists, and human rights workers are confirmed targets, with reports of campaigns against Chinese activists and German officials A 64-character recovery key grants access