Dutch intelligence warns of Russian hackers targeting Signal and WhatsApp

Dutch intelligence services have warned of a new large-scale global cyber campaign by Russian state hackers aimed at gaining access to the accounts of senior officials and military personnel on Signal and WhatsApp.

Source: General Intelligence and Security Service (AIVD)

Details: The Dutch Military Intelligence and Security Service (MIVD) and the AIVD say that Dutch civil servants are among the targets and victims of the campaign. Other individuals of interest to the Russian government, such as journalists, may also become victims.

Notably, the campaign does not rely on sophisticated malware. Instead, attackers persuade victims to reveal their security verification codes and PINs. In many cases, they disguise themselves as support chatbots for messaging services. This means the messaging platforms themselves are not compromised; rather, individual users are targeted.

Another method used by Russian hackers involves the "linked devices" feature in Signal and WhatsApp. After successfully compromising an account, attackers can gain access to incoming messages, including those in the victim's group chats.

Dutch intelligence notes that the hackers have likely already used this campaign to obtain confidential information.

Background: In 2024, a Russian government-backed hacker group known as Secret Blizzard targeted Ukrainian military personnel by employing tools and infrastructure developed by cybercriminals.

Support Ukrainska Pravda on Patreon!