🤖 AI Summary
Existing federated sequential recommendation (FSR) systems exhibit weak resilience against targeted attacks, posing significant risks to user privacy and system stability. To address this, we propose the first dual-perspective collaborative attack framework: (i) an explicit importance sampling mechanism and (ii) a contrastive learning–driven implicit gradient optimization path—jointly enabling synchronized sampling-and-gradient adversarial perturbation in FSR for the first time. Complementing this, we design a dedicated defense strategy based on gradient shaping and federated model reverse modeling, establishing a closed-loop attack–defense evaluation. Extensive experiments demonstrate that our attack achieves an average 32.7% improvement in hit rate across multiple state-of-the-art sequential recommendation models. Moreover, the proposed defense effectively mitigates attack impact, validating both the efficacy and practicality of our approach.
📝 Abstract
Federated recommendation (FedRec) preserves user privacy by enabling decentralized training of personalized models, but this architecture is inherently vulnerable to adversarial attacks. Significant research has been conducted on targeted attacks in FedRec systems, motivated by commercial and social influence considerations. However, much of this work has overlooked the differential robustness of recommendation models. Moreover, our empirical findings indicate that existing targeted attack methods achieve only limited effectiveness in Federated Sequential Recommendation (FSR) tasks. Driven by these observations, we focus on investigating targeted attacks in FSR and propose a novel dual-view attack framework, named DV-FSR. This attack method uniquely combines a sampling-based explicit strategy with a contrastive learning-based implicit gradient strategy to orchestrate a coordinated attack. Additionally, we introduce a defense mechanism tailored to targeted attacks in FSR, in order to evaluate how far the effects of our proposed attack can be mitigated. Extensive experiments validate the effectiveness of our proposed approach on representative sequential models.