Russian-Linked Hackers Target Secure Messaging Apps

  • Russian-backed hackers have attempted to compromise Signal and WhatsApp accounts used by officials, military personnel, and journalists, according to Dutch intelligence.
  • The attackers relied on social engineering to obtain verification codes and gain access to private chats.
  • Authorities warn that despite end-to-end encryption, messaging apps should not be used for sensitive or classified communication.

Growing Concerns Over Messaging App Security

Dutch intelligence agencies AIVD and MIVD reported a coordinated global campaign aimed at infiltrating accounts on Signal and WhatsApp. Attackers initiated conversations with targets and persuaded them to reveal verification or PIN codes, enabling unauthorized access to personal and group chats. Officials noted that the hackers likely obtained sensitive information during these operations. The agencies confirmed that Dutch government employees and journalists were among those affected.

The popularity of encrypted messaging apps among officials has made them attractive targets for espionage. While end-to-end encryption protects message content from interception, it does not prevent account takeover through social engineering. Hackers exploited this gap by impersonating trusted support channels. Their approach relied on convincing users that immediate action was required to secure their accounts. This tactic allowed them to bypass technical safeguards without breaching the apps’ underlying encryption.

WhatsApp emphasized that users should never share their six-digit verification codes with anyone. The company stated that it continues to develop additional protections against account hijacking attempts. Signal clarified that its infrastructure and encryption remain uncompromised. It described the attacks as sophisticated phishing campaigns designed to trick users into revealing sensitive information. Both companies stressed that user vigilance is essential to preventing unauthorized access.

Methods Used to Compromise Accounts

The attackers frequently posed as a Signal Support chatbot to deceive users. By mimicking official communication, they created a sense of urgency that encouraged targets to hand over verification codes. Once obtained, these codes allowed the hackers to take control of accounts and access ongoing conversations. The Dutch agencies highlighted that this method was the most common tactic observed in the campaign. They also noted that the attackers demonstrated a high level of preparation and persistence.

Another technique involved exploiting Signal’s linked devices feature. This function allows users to connect multiple devices to a single account, but it can also be misused if verification steps are bypassed. Hackers attempted to add their own devices to compromised accounts, granting them continuous access. Users might notice unusual behavior, such as duplicate contacts or entries labeled as “deleted account.” These signs could indicate that an account has been compromised or tampered with.

Dutch authorities issued a cyber advisory to government institutions following the discovery of the campaign. The advisory outlined the threat, provided indicators of compromise, and offered guidance on mitigation. Officials worked closely with intelligence services to ensure that affected systems were secured. The response aimed to limit further exposure and prevent additional account takeovers. Authorities also encouraged organizations to review their communication practices.

Vice-Admiral Peter Reesink, director of the MIVD, reiterated that encrypted messaging apps should not be used for classified or sensitive information. He emphasized that while encryption protects message content, it does not eliminate the risks associated with human error. The campaign demonstrated how attackers can circumvent technical protections by manipulating users. Reesink urged government personnel to rely on approved secure communication channels for sensitive discussions. His comments underscored the need for stronger operational security practices.

Implications for Government and Media Users

The incident highlights the ongoing challenges faced by officials and journalists who rely on digital communication tools. Secure messaging apps offer convenience and privacy, but they are not immune to targeted attacks. Social engineering remains one of the most effective methods for breaching accounts. Attackers often focus on individuals with access to valuable information, making government and media professionals frequent targets. This campaign illustrates how geopolitical tensions can manifest in cyber operations.

Organizations are encouraged to adopt multi-layered security measures to reduce the risk of account compromise. These include enabling additional verification steps, monitoring for unusual account activity, and educating users about phishing tactics. Regular training can help individuals recognize suspicious messages and avoid sharing sensitive information. Institutions may also consider limiting the use of consumer messaging apps for official communication. Establishing clear guidelines can help prevent accidental exposure of confidential data.

The Dutch intelligence agencies’ warning serves as a reminder that cybersecurity threats continue to evolve. Attackers are increasingly blending technical skills with psychological manipulation. As a result, even well-secured platforms can be vulnerable if users are not cautious. Governments and organizations must remain proactive in identifying emerging threats. Collaboration between intelligence services, technology companies, and users is essential to maintaining secure communication environments.

Similar phishing-based account takeover attempts have been reported in other regions in recent years. Cybersecurity researchers have noted that state-backed groups often prefer social engineering because it is less resource-intensive than exploiting software vulnerabilities. These campaigns typically target individuals with strategic roles, such as diplomats, defense personnel, and investigative journalists. The trend suggests that human-focused attacks will remain a significant challenge for secure communication platforms.


 
