A widespread cyber campaign orchestrated by Russian state-backed hackers is targeting users of the encrypted messaging apps Signal and WhatsApp, with a particular focus on government and military officials, as well as journalists, intelligence agencies have warned. The operation, which utilizes phishing and social engineering tactics rather than malware, aims to compromise accounts and potentially access sensitive communications.
The Netherlands’ Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) jointly issued a public advisory detailing the “large-scale global” hacking effort. The agencies revealed that the hackers are attempting to trick individuals into revealing PIN codes necessary to access the messaging apps, according to a report from Reuters. This campaign underscores the ongoing threat posed by state-sponsored actors seeking to gain access to secure communication channels.
In the case of Signal, hackers are impersonating the app’s support team, contacting users directly with fabricated claims of suspicious activity or potential data leaks. They then request a verification code sent via SMS, along with the user’s PIN, to register a new device and gain access to the account. TechCrunch reports that even though victims can re-register their phone number and regain access to their chat history, the Dutch services caution against assuming everything is secure after doing so.
The campaign also exploits the “linked devices” feature within WhatsApp and Signal, allowing attackers to quietly monitor messages on connected devices without the user’s knowledge. This tactic, combined with the phishing attempts, represents a multi-pronged approach to account compromise. Dutch intelligence emphasized that the threat is directed at individual accounts, not vulnerabilities within the apps themselves, as stated by AIVD Director-General Simone Smit in NL Times.
How the Hack Works: Social Engineering and Account Takeover
The core of the attack relies on deceiving users into willingly handing over sensitive information. Hackers leverage the trust users place in official support channels, creating a sense of urgency to bypass security protocols. Once a verification code and PIN are obtained, the attackers can register a new device, effectively locking the legitimate user out of their account while gaining full access to their communications. This method avoids the detection often associated with traditional malware-based attacks.
Signal and WhatsApp: Secure Apps, Vulnerable Users
While Signal and WhatsApp offer end-to-end encryption, protecting the content of messages, they are not immune to social engineering attacks. Politico highlights that Signal is particularly targeted due to its reputation as a secure communication platform favored by government officials and journalists. Despite the encryption, Peter Reesink, director of the MIVD, warned that these apps should not be used for classified, confidential, or sensitive information.
The incident echoes past concerns about the use of Signal by U.S. officials, including a 2025 event known as “Signalgate,” where classified information was exchanged on the platform. This latest campaign underscores the need for heightened vigilance and adherence to security best practices, even when using encrypted messaging apps.
What to Do: Protecting Your Account
Intelligence agencies recommend users remain cautious of unsolicited messages, particularly those requesting verification codes or PINs. Legitimate support teams will never request this information directly through the app. Users should also be aware of the risks associated with linking multiple devices and regularly review connected devices for any unauthorized access. The AIVD and MIVD have issued a cyber advisory with further guidance on protecting against these attacks.
Looking ahead, the threat of state-sponsored cyberattacks targeting communication channels is likely to persist. Continued vigilance, coupled with robust security practices, will be crucial for mitigating the risk of account compromise and protecting sensitive information. The focus will likely shift towards refining social engineering tactics and exploiting vulnerabilities in user behavior, requiring ongoing adaptation and awareness.