The FBI advisory published this week describes a technique in which Russian intelligence operatives, attributed with medium confidence to units working under GRU and FSB tasking, two of Russia's primary foreign intelligence services, are not breaking Signal's end-to-end encryption. They are stealing the backup keys that let messages be restored from cloud storage in plain text. The distinction matters enormously, and almost no headline carried it. Signal's cryptographic protocol, the Double Ratchet algorithm, remains intact. What fails is the backup mechanism that makes Signal usable for people who change phones or lose devices. The gap between those two sentences is the entire story. Every enterprise that switched to Signal after 2022 on the grounds that it was more secure than email was making a claim about the protocol. The backup key lives in iCloud or Google Drive depending on the device, protected by whatever account security the user keeps on those platforms. If an attacker has access to those credentials, through phishing, through a prior device compromise, through an MFA bypass, the encrypted channel they could not read is now open. The encryption did not fail. The backup key did, and the remediation path runs through iCloud and Google Drive account security, not Signal's protocol team.
The North Korea macOS malware item from this week and the Amazon Q Developer credential-hijacking flaw together form a pattern that received less attention than it deserves. The North Korean campaign specifically targets AI-assisted triage tooling, the scripts and integrations security teams now use to prioritize alerts and connect detections. The technique is not especially new: the malware identifies processes tied to AI triage pipelines and adjusts its own behavior to avoid generating the alert signatures those tools are trained to catch. What is new is the targeting of the triage layer itself rather than the endpoint. A detection tool trained on clean behavior profiles can be made to see clean behavior. Amazon Q Developer is an AI coding assistant that writes code and queries repositories on the developer's behalf, and a flaw in it means a malicious repository can cause it to quietly send developer cloud credentials out during what looks, to the developer, like a normal code-generation session. Both items share the same structural feature: the tool the defender trusts to reduce cognitive load becomes the thing that gets exploited. The Polymarket supply-chain compromise, which reportedly cost customers three million dollars, sits one layer lower and runs the same pattern. In each case the trusted dependency is the vector; the cryptographic layer above it was never touched.
MAS TRM and HKMA CSSP both treat channel encryption as a sufficient control for certain messaging categories. Neither framework addresses backup key lifecycle at the asset-owner level. The Signal advisory exposes that gap directly: who holds the backup key, under what conditions it can be recovered, and whether that obligation sits with the vendor or the institution. The next MAS TRM revision cycle is due in 2026. The HKMA consulted on CSSP updates in Q1. Neither published draft names the backup key as a managed asset.