Security agencies in the Netherlands have issued a warning about a widespread cyber campaign aimed at users of popular messaging apps such as Signal and WhatsApp. According to the Dutch Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD), the attacks are believed to be carried out by Russian state-linked hackers and are affecting individuals around the world.
The campaign reportedly focuses on high-profile targets including government officials, military personnel, journalists, and other individuals who rely on secure communication platforms. Instead of using traditional malware, the attackers are primarily relying on phishing and social engineering techniques to gain control of victims’ accounts.
One of the most common tactics involves impersonating the customer support team of Signal. In these cases, hackers contact potential victims directly, claiming there has been suspicious activity on their account, a possible data breach, or an attempt to access private information. Once the victim becomes concerned, the attackers request a verification code that is sent to the user’s phone via SMS. In some cases, they also ask for the user’s PIN code.
If the victim shares this information, the attackers can register a new device connected to the victim’s account using a different phone number. This allows them to impersonate the user, communicate with their contacts, and potentially collect sensitive information. Meanwhile, the legitimate account owner may be temporarily locked out.
Investigators note that Signal stores message history locally on the user’s phone. Because of this, victims who regain access to their accounts might still see their previous chats and assume nothing unusual has occurred. However, intelligence officials warn that the attackers may already have used the compromised account during that time.
The report also highlights additional tricks used in the attacks. Hackers sometimes send QR codes or malicious links disguised as invitations to join chat groups. If scanned, these codes may connect the attacker’s device directly to the victim’s account.
WhatsApp users are also being targeted through the platform’s “Linked Devices” feature. This option allows accounts to be accessed from additional devices such as laptops or tablets. If attackers convince someone to link a device under their control, they may gain access to messages without immediately alerting the victim.
Security experts advise users to never share verification codes, PINs, or login details with anyone. Being cautious with links, QR codes, and unexpected messages is also essential to prevent account compromise.
