Russian-backed hackers are conducting a global campaign to compromise Signal and WhatsApp accounts by tricking users, including Dutch officials and journalists, into divulging security verification codes. The hackers often pose as a Signal Support chatbot or exploit the 'linked devices' function to gain control of accounts.
Dutch intelligence agencies warn that the hackers have likely already accessed sensitive information, as these encrypted apps are popular for sharing confidential data. Authorities have issued a cyber advisory, noting that signs of a compromised account can include duplicate contacts or numbers showing as 'deleted account'.
Officials emphasize that, despite end-to-end encryption, these messaging apps should not be used for sharing classified or sensitive information. WhatsApp advised users never to share their six-digit code, while Signal could not be reached for comment.
Main topics: Russian cyber espionage campaign, targeting of encrypted messaging apps (Signal/WhatsApp), social engineering tactics, compromise of government and journalist accounts, and security warnings from Dutch intelligence.
Russian-backed hackers have launched a global cyber campaign to gain access to Signal and WhatsApp accounts used by officials, military personnel and journalists, two intelligence agencies in the Netherlands warned on Monday.
Users are persuaded in chats initiated by the hackers to divulge security verification and pin codes, giving âthem access â to personal â accounts and group chats, they said in a statement.
"The Russian hackers have likely gained âaccess to sensitive information," the General Dutch Intelligence Agency (AIVD) and Dutch Military Intelligence and âSecurity Service (MIVD) said.
"Targets and victims of the campaign include Dutch government employees" and journalists, the agencies said.
The chat apps offering end-to-end encryption are popular with government officials for sharing confidential â or classified âinformation, making them "the ideal place for malicious actors to try to capture sensitive information," they said.
WhatsApp, in a reaction sent â to Reuters, said users should never share their six-digit âcode with others and that it continued to âbuild ways to protect people from online threats.
Signal could not immediately be reached for comment.
Users persuaded to divulge security codes
The hackers most frequently masquerade as a Signal Support chatbot to induce targets to divulge the codes, enabling them to take control of the accounts, the statement âsaid.
Another method is to use the 'linked devices' function within Signal, it said.
Contacts appearing twice in a user's contact list, âor numbers âshowing up as 'deleted account' â could indicate that an account has been compromised, the agencies said.
Dutch authorities issued a cyber advisory notifying government colleagues of the vulnerability and providing âassistance to eliminate the threat, a spokesman said, citing the joint operation with the AIVD general intelligence service.
"Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information," said MIVD director, Vice-Admiral Peter Reesink.
Users are persuaded in chats initiated by the hackers to divulge security verification and pin codes, giving âthem access â to personal â accounts and group chats, they said in a statement.
"The Russian hackers have likely gained âaccess to sensitive information," the General Dutch Intelligence Agency (AIVD) and Dutch Military Intelligence and âSecurity Service (MIVD) said.
"Targets and victims of the campaign include Dutch government employees" and journalists, the agencies said.
The chat apps offering end-to-end encryption are popular with government officials for sharing confidential â or classified âinformation, making them "the ideal place for malicious actors to try to capture sensitive information," they said.
WhatsApp, in a reaction sent â to Reuters, said users should never share their six-digit âcode with others and that it continued to âbuild ways to protect people from online threats.
Signal could not immediately be reached for comment.
Users persuaded to divulge security codes
The hackers most frequently masquerade as a Signal Support chatbot to induce targets to divulge the codes, enabling them to take control of the accounts, the statement âsaid.
Another method is to use the 'linked devices' function within Signal, it said.
Contacts appearing twice in a user's contact list, âor numbers âshowing up as 'deleted account' â could indicate that an account has been compromised, the agencies said.
Dutch authorities issued a cyber advisory notifying government colleagues of the vulnerability and providing âassistance to eliminate the threat, a spokesman said, citing the joint operation with the AIVD general intelligence service.
"Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information," said MIVD director, Vice-Admiral Peter Reesink.
Meridiano
