The U.S. Cybersecurity and Infrastructure Security Agency (CISA), working alongside the FBI, has issued a new public warning that cyber threat actors linked to Russian intelligence services are actively targeting users of commercial messaging applications through sophisticated phishing campaigns. The advisory urges businesses, government agencies and individuals to remain vigilant as attackers attempt to gain unauthorized access to sensitive communications and digital accounts. According to the warning, attackers are impersonating legitimate technical support teams or trusted service providers. Victims receive convincing messages claiming there is a security issue with their account or that they must verify credentials. Users are then directed to fraudulent websites or asked to provide backup recovery keys, authentication codes or login credentials that enable attackers to seize control of accounts. Once an account is compromised, threat actors may monitor conversations, steal confidential documents, impersonate trusted contacts and expand attacks by sending malicious messages to colleagues, friends or business partners. Access to messaging platforms can also provide valuable intelligence for future cyber operations. The agencies recommend enabling multi-factor authentication wherever possible, safeguarding backup recovery codes, verifying support requests through official channels and avoiding clicking links from unsolicited messages. Organizations are also encouraged to educate employees about phishing techniques and establish incident reporting procedures. Cybersecurity experts note that social engineering remains one of the most effective attack methods because it exploits human trust rather than technical vulnerabilities. Even organizations with advanced security systems remain vulnerable if users unknowingly disclose authentication information. The advisory reflects growing concern over state-sponsored cyber activity targeting governments, critical infrastructure, financial institutions and private-sector organizations worldwide. As encrypted messaging applications become increasingly central to business communications, they have become attractive targets for intelligence gathering and espionage. Officials emphasize that maintaining cybersecurity requires continuous awareness, software updates, strong passwords, authentication protections and regular employee training to reduce the likelihood of successful phishing attacks.