Russian intelligence-linked groups UNC5792 and UNC4221 have pivoted their Signal compromise campaign from QR-code device-linking attacks to targeted theft of Signal Backup Recovery Keys through social engineering, granting persistent offline access to complete historical message archives. No software vulnerability or patch exists — the attack surface is user behavior and credential handling. Organizations with personnel using Signal for sensitive communications, particularly government, military, journalists, and Ukraine-adjacent contacts, face a counterintelligence risk that policy and training must address.