Russian-backed hackers have launched a global cyber campaign aimed at gaining access to accounts on the encrypted messaging apps Signal and WhatsApp used by officials, military personnel and journalists, Dutch intelligence agencies said on Monday.
In a joint statement, the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) said the hackers attempt to trick users into revealing security verification and PIN codes during chats initiated by the attackers.
The agencies said the tactic allows hackers to take control of personal accounts and gain access to private conversations and group chats.
“The Russian hackers have likely gained access to sensitive information,” the agencies said, adding that some victims include Dutch government employees and journalists.
Encrypted messaging platforms are widely used by officials to share confidential information, making them attractive targets for cyber espionage.
Investigators said the attackers frequently pose as a Signal Support chatbot, persuading users to share authentication codes. Another method involves exploiting the app’s “linked devices” feature to gain access to accounts.
Authorities warned that duplicated contacts or numbers appearing as “deleted account” in contact lists could signal that an account has been compromised.
Dutch authorities have issued a cyber advisory to government employees and are offering support to mitigate the threat.
Peter Reesink, director of the MIVD, said that despite strong encryption, messaging apps should not be used to share classified or highly sensitive information.
