Russian-backed hackers have conducted a cyber campaign targeting accounts on Signal and WhatsApp used by government officials, military personnel, and journalists, according to Dutch intelligence agencies.
The warning was issued by the General Intelligence and Security Service and the Military Intelligence and Security Service, two intelligence bodies in the Netherlands responsible for national and military security. The agencies said attackers attempted to gain access to messaging accounts through social engineering techniques that persuaded users to disclose authentication information.
According to the agencies, victims were contacted through chat messages initiated by the attackers. The messages requested verification codes or PINs used to secure messaging accounts. If shared, these codes allowed the attackers to access personal accounts and associated group conversations.
The agencies said the operation targeted individuals in several sectors, including government staff, members of the military, and journalists. Dutch government employees were among those affected by the campaign.
In a joint statement, the agencies said the attackers had likely obtained sensitive information through the compromised accounts. The statement said encrypted messaging platforms are widely used by officials to exchange confidential information, which makes them a target for intelligence collection attempts.
One method used in the campaign involved impersonation of a support chatbot on Signal. Attackers posed as technical support representatives and asked users to share authentication codes. Once the code was provided, attackers were able to take control of the account.
The agencies also reported the use of Signal’s linked devices function. This feature allows a messaging account to be accessed from additional devices after a pairing process. By exploiting this function, attackers were able to connect their own devices to a victim’s account and receive messages sent to the account.
Officials said several indicators may suggest that an account has been compromised. These include duplicate contacts appearing in a contact list or phone numbers displayed as “deleted account.”
The Dutch government issued an internal cyber advisory to inform officials about the campaign and to provide guidance on addressing potential compromises. Authorities said assistance was offered to government personnel who may have been affected.
WhatsApp, a messaging service owned by Meta Platforms, said users should not share their six-digit verification codes with other people. The company said it continues to develop measures designed to protect users from online threats.
Signal, an encrypted messaging application operated by the Signal Foundation, did not provide an immediate comment at the time of reporting.
Vice Admiral Peter Reesink, director of the Military Intelligence and Security Service, said messaging applications with end-to-end encryption should not be used to transmit classified or highly sensitive information.