Dutch intelligence agencies have warned that Russian state-backed hackers are attempting to gain access to a large number of Signal and WhatsApp accounts belonging to dignitaries, military personnel, and civil servants around the world.
The Netherlands’ intelligence and security services confirmed that Dutch government employees have also been targeted and, in some cases, have fallen victim to the campaign. According to the agencies, other individuals of interest to the Russian government, including journalists, may also be targets.
Authorities say the attackers are trying to obtain verification and PIN codes that protect accounts on the messaging platforms. The most commonly observed tactic involves hackers posing as a Signal support chatbot. By convincing users to share the codes, the attackers can take over the victim’s account.
The campaign also abuses the “linked devices” feature available in both Signal and WhatsApp. By tricking users into linking a new device to their account, hackers can gain remote access without the victim realizing it.
Once an account is compromised, attackers can read incoming and outgoing messages and access group chats in which the victim participates. Dutch intelligence officials believe sensitive information may already have been obtained through the intrusions.
The agency notes that the attackers are not exploiting technical vulnerabilities in the messaging apps themselves. Instead, they are manipulating legitimate security features and relying on social engineering to gain access.