Good point. I was just thinking Witkoff must be dealing with Russian functionaries all the time in Moscow so they have near constant direct access. There’s nothing to stop them duping one of them in the US though, and it doesn’t seem like duping these guys would be a stretch.

Honestly, the Russians probably already have done so. It's just a matter of who's phone in that group has been compromised.

In a previous world, some three letter agency (FBI maybe?) would seize the phones in the chat to investigate the leak.

Man in the middle attacks require access to the mobile or networking infrastructure (so not necessary, but much more likely and easy)