Netherlands warns of Russian hackers targeting Signal, WhatsApp accounts

Dutch authorities have issued a warning that Russian state-backed hackers are conducting a global campaign to compromise Signal and WhatsApp accounts belonging to government officials and military personnel. The advisory was released on March 9 by the Netherlands’ military intelligence service (MIVD) and domestic security agency (AIVD).

According to the agencies, the operation targets dignitaries, civil servants, and members of the armed forces. Dutch government employees are among those whose accounts have already been compromised. Officials cautioned that journalists and other individuals of interest to the Russian government could also be targeted, Caliber.Az reports via the Record. 

The agencies emphasised that the attacks focus on individual accounts and do not indicate any breach of Signal or WhatsApp themselves. Both platforms use the Signal Protocol, an end-to-end encryption system widely regarded as highly secure for protecting message content in transit. However, messages remain readable if attackers gain access to a user’s device or account.

“It is not the case that Signal or WhatsApp as a whole have been compromised,” AIVD Director-General Simone Smit said in a statement. “Individual user accounts are being targeted.”

The advisory did not provide estimates of the number of victims and did not attribute the activity to a specific Russian intelligence agency or known hacking group. Rather than exploiting technical vulnerabilities, the campaign relies on social engineering and abuse of legitimate app features.

Attackers typically impersonate customer support accounts and attempt to trick victims into sharing verification codes or PIN numbers required to access their messaging accounts. Hackers can trigger these codes by starting the normal registration process using the target’s phone number. Signal and WhatsApp automatically send a verification code to any number entered during account registration.

Another tactic involves persuading users to scan malicious QR codes or click links that connect a hacker’s device to the victim’s account through the apps’ “linked devices” feature, giving attackers access to chats and message history.

By Sabina Mammadli