The Dutch intelligence services, AIVD and MIVD, have issued a warning that Russian state-sponsored hackers are attempting to gain access to the WhatsApp and Signal accounts of high-ranking officials, military personnel, and civil servants worldwide.
Sensitive information has likely already been compromised, according to a report published on the Dutch Ministry of Defence website.
While WhatsApp and Signal are generally regarded as secure due to their end-to-end encryption, hackers are bypassing these technical safeguards by targeting the users themselves.
Instead of exploiting software vulnerabilities, the attackers use deception to "trick" victims into handing over verification and PIN codes, often by posing as helpdesk employees from the messaging services.
The hackers are also reportedly exploiting the "link device" feature, which allows users to connect their accounts to a secondary device by scanning a QR code.
Despite the security measures built into these applications, Vice-Admiral Peter Reesink, Director of the Military Intelligence and Security Service (MIVD), warned that they remain unsuitable for sharing highly sensitive data. "Applications such as Signal and WhatsApp, despite possessing end-to-end encryption, are not channels for confidential or sensitive information," he stated.
Simone Smit, Director-General of the General Intelligence and Security Service (AIVD), clarified that the threat is focused on individual accounts rather than a breach of the platforms themselves. "It is not the case that Signal or WhatsApp as a whole have been compromised; the threat is directed at the accounts of individual users," Smit noted.
Dutch officials among the victims
While the intelligence services have not released specific numbers or names of those affected, they confirmed that Dutch government employees have already fallen victim to the campaign. The services also noted that other high-profile groups, such as journalists, are likely targets.
In response to the threat, the AIVD and MIVD have published a set of guidelines detailing how individuals can protect their accounts against hijacking attempts. This includes advice for Signal users on how to identify if a contact's account may have been compromised.
