The UK’s National Cyber Security Centre, the government agency responsible for cybersecurity guidance, has issued a warning about a campaign targeting user accounts on messaging platforms including WhatsApp and Signal, according to an official advisory.
The activity focuses on gaining access to accounts through social engineering techniques rather than exploiting technical vulnerabilities in the platforms. Attackers attempt to obtain login credentials, including one-time verification codes used during the account authentication process.
The campaign involves impersonation tactics, where threat actors pose as trusted contacts or legitimate service providers. Messages are designed to persuade individuals to share sensitive information that can be used to take control of their accounts. Once the required credentials are obtained, attackers can register their own devices and maintain access without further interaction from the account owner.
The targets include individuals working in government, defence, journalism, and civil society. The National Cyber Security Centre has linked the activity to threat actors associated with Russia, based on findings included in the advisory. The warning applies to individuals who may be of interest to those conducting the campaign.
Access to compromised accounts allows attackers to read private messages, collect contact lists, and send messages to other users while appearing as the legitimate account holder. This access can also be used to extend the campaign by targeting additional individuals connected to the victim and using existing conversations to increase credibility.
The advisory states that the encryption used by WhatsApp and Signal has not been broken. The attacks rely on user interaction and credential theft rather than weaknesses in the messaging platforms themselves.
Users are advised to avoid sharing verification codes, review linked devices connected to their accounts, and enable additional security features where available. The National Cyber Security Centre also advises checking account activity for unfamiliar sessions and ensuring that authentication settings are properly configured to reduce the risk of unauthorized access.