Facebook Messenger
Meta's consumer messaging platform identified as a state-linked targeting surface via malicious QR codes alongside Signal and WhatsApp.
Last refreshed: 17 April 2026 · Appears in 1 active topic
Why is Facebook Messenger being targeted by Russian, Chinese and Iranian intelligence?
Timeline for Facebook Messenger
Mentioned in: Signal, WhatsApp hit by three states
Cybersecurity: Threats and Defences- Is Facebook Messenger being used to spy on journalists and politicians?
- NCSC and AIVD's joint advisory issued March 2026 confirmed that Russian FSB, Chinese APT31 and Iranian IRGC are targeting Messenger accounts of politicians, journalists and lawyers via malicious QR codes and contact impersonation.Source: NCSC-AIVD joint advisory
Background
Facebook Messenger was identified in the joint NCSC-AIVD advisory of 9 March 2026 as one of the three messaging platforms targeted by state-linked actors, alongside Signal and WhatsApp, using malicious QR codes and contact impersonation to compromise accounts of high-risk individuals. Named threat actors include Russia's FSB Star Blizzard, China's APT31 and Iran's IRGC.
Facebook Messenger is Meta's primary consumer messaging platform, operating alongside WhatsApp and Instagram Direct. Unlike Signal and WhatsApp, Messenger does not offer end-to-end encryption by default on all message types; its inclusion in the advisory suggests the targeting is less about breaking encryption and more about account compromise via social engineering and QR-code hijacking techniques, regardless of the platform's underlying encryption model.
For civil-society users in the advisory's risk categories (politicians, journalists, academics, lawyers), the NCSC-AIVD recommendation is passkeys and a device audit across all three platforms. The inclusion of Messenger, with its larger mainstream user base, indicates that state actors are not limiting operations to encrypted-first platforms and are following their targets across all communications channels.