Organisation

FSB

Russian domestic and foreign security service; FSB Star Blizzard targets journalists and politicians via messaging-app compromise.

Last refreshed: 17 April 2026

Key Question

How is the FSB targeting journalists' Signal accounts, and what can high-risk individuals do?

Timeline for FSB

#117 Apr

Mentioned in: Signal, WhatsApp hit by three states

Cybersecurity: Threats and Defences

View full timeline →

Common Questions

What is FSB Star Blizzard and who does it target?: FSB Star Blizzard is a Russian cyber unit that runs social-engineering campaigns against journalists, politicians, academics and lawyers. It uses malicious QR codes and fake contact invitations to compromise Signal, WhatsApp and Messenger accounts.Source: NCSC / AIVD advisory March 2026
How can journalists protect their Signal account from Russian hackers?: NCSC and AIVD recommend enabling passkeys for linked devices, auditing registered devices regularly for unfamiliar entries, and being vigilant about QR codes in apparent group invitation flows that could link attacker-controlled devices.Source: NCSC-AIVD advisory March 2026
Is the FSB the same as the KGB?: The FSB is the KGB's successor for domestic security and counter-intelligence, founded in 1995. The SVR succeeded the KGB's foreign intelligence directorate. The FSB has significantly expanded its offensive cyber mandate beyond the KGB's original REMIT.

Background

The FSB (Federal Security Service, Federalnaya Sluzhba Bezopasnosti) is Russia's primary domestic intelligence and counter-intelligence agency and a Major actor in offensive cyber operations against foreign targets. In March 2026, a joint advisory from NCSC and the Dutch AIVD attributed to FSB's Star Blizzard unit a sustained campaign targeting the Signal, WhatsApp and Facebook Messenger accounts of politicians, journalists, academics and lawyers using malicious QR codes and contact impersonation.

The FSB traces its lineage to the Soviet KGB. It has primary responsibility for domestic security, counter-terrorism and counter-espionage inside Russia, but also maintains substantial foreign intelligence operations under the SVR's formal REMIT. Its cyber arm, historically tracked as Gamaredon and more recently as Star Blizzard and Turla, is assessed by Western agencies to run systematic targeting of civil-society organisations, opposition figures and foreign government officials. Star Blizzard specifically specialises in long-running, relationship-based social-engineering campaigns rather than technical exploits.

The March 2026 NCSC-AIVD advisory places FSB Star Blizzard alongside China's APT31 and Iran's IRGC in a shared technique set, suggesting a convergence in the civil-society targeting playbook across three state adversaries. The recommended mitigations, passkeys and device audits, differ from typical enterprise security guidance and are aimed at high-risk individuals rather than corporate IT teams.

How the World Sees Them

Russia

The FSB is a domestic security priority institution with a public profile focused on counter-terrorism and state protection. Foreign cyber operations are not publicly acknowledged.

Netherlands

AIVD co-issued the March 2026 advisory and has publicly attributed FSB operations to targeting of Dutch political and scientific institutions.

Civil society

Press Freedom organisations and journalists' safety groups have flagged FSB Star Blizzard as a top-tier threat to sources, reporters and human-rights workers globally.

United Kingdom

NCSC has attributed FSB Star Blizzard to attacks on UK MPs, journalists and defence researchers. The March 2026 advisory is the most recent UK public attribution.