Russian Hackers Target Signal and WhatsApp Users, Dutch Intelligence Warns
Dutch intelligence agencies have confirmed a large-scale, global cyber campaign by Russian state hackers targeting users of Signal and WhatsApp, particularly government officials, military personnel, and journalists. The attacks focus on gaining access to accounts through social engineering and phishing tactics, rather than exploiting technical vulnerabilities in the apps themselves.
Campaign Details and Tactics
The Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) revealed that the hackers are attempting to obtain verification and PIN codes by impersonating Signal support chatbots. They are also exploiting the “linked devices” feature within both Signal and WhatsApp to enable remote surveillance of compromised accounts. Source: NL Times
Specifically, hackers pose as Signal support, warning users of suspicious activity or potential data leaks to trick them into revealing sensitive codes. Once access is gained, attackers can read messages and participate in chat groups undetected. Source: TechCrunch
Why Signal and WhatsApp?
Signal is a primary target due to its strong reputation for secure communication and its popularity among governments and individuals seeking privacy. Source: NL Times Despite end-to-end encryption, Dutch intelligence warns that these apps are not suitable for classified or sensitive government information. Source: DutchNews.nl
Account Compromise and Data Access
Although victims can often regain access to their chat history after re-registering their phone number, intelligence services caution that this does not guarantee the account hasn’t been compromised. Hackers may have already accessed and copied sensitive information. Source: TechCrunch The campaign has likely already resulted in the attackers gaining access to sensitive data. Source: DutchNews.nl
Broader Implications
The AIVD and MIVD have issued a cyber advisory to users, emphasizing that the threat targets individual accounts, not the underlying security of the messaging platforms themselves. Source: NL Times The attacks are global in scope, with targets including Dutch government employees and individuals of interest to Russian authorities. Source: AIVD
Key Takeaways
- Russian state hackers are actively targeting Signal and WhatsApp users worldwide.
- The attacks rely on social engineering and phishing, not technical exploits of the apps.
- Signal is a primary target due to its reputation for security.
- Encrypted messaging apps are not suitable for highly sensitive or classified information.
- Users should be vigilant against suspicious messages and protect their verification and PIN codes.