Russian State Hackers Target Signal & WhatsApp Accounts of Officials & Journalists

The Dutch Minister of Defence warns of a cyber campaign linked to Russia that targets accounts on messaging platforms such as Signal and WhatsApp, belonging to government officials, military staff, and journalists.

The Russian campaign focuses on persuading users to divulge their security verification codes and PIN codes, allowing the hackers to gain access to the users’ Signal or WhatsApp accounts. The most frequently observed method used by the Russian hackers is to masquerade as a Signal Support chatbot in order to induce their targets to divulge their codes. The hackers can then use these codes to take over the user’s account. Another method used by the Russian actors takes advantage of the ‘linked devices’ function within Signal and WhatsApp.

Once an account has been successfully compromised, the hackers can read incoming messages, including messages in the victim’s chat groups. The Russian hackers likely gained access to sensitive information through this campaign.

Ömer Faruk Diken, cybersecurity researcher at SOCRadar:

“Messaging apps such as Signal and WhatsApp are widely used for private and professional communication. Many officials and journalists rely on them because they use end-to-end encryption. However, though encryption protects messages during transmission, it does not prevent attackers from accessing the account itself. If attackers gain control of the account or connect their own device, they can read conversations and collect information from chats and contact lists. For threat actors involved in espionage, this access can provide insight into discussions, contacts, and internal coordination.

“The warning from Dutch officials highlights a cyber campaign that targets messaging accounts used by people who handle sensitive information. By using social engineering and abusing messaging app features, attackers attempt to gain access to private conversations and contacts. Incidents like this also highlight the importance of basic security practices. Users should avoid clicking unknown links, never enter passwords or verification codes on suspicious pages, and always verify the source of requests for sensitive information. Email addresses can also be spoofed, so messages that ask users to click links or provide input should be checked carefully. When possible, organizations should enforce multi-factor authentication to add another layer of protection to communication accounts.”

Lydia Atienza, Principal Threat Intelligence Researcher at Outpost24:

“Based on the techniques described in the advisory issued by Dutch intelligence agencies, there is little evidence of particularly novel tradecraft. The methods resemble the same social-engineering tactics long used by financially motivated cybercriminals to compromise messaging accounts. This serves as a reminder that state-linked actors do not always rely on highly sophisticated exploits. In many cases, the same techniques commonly seen in cybercrime can be just as effective in espionage campaigns.”

Additional Resources:

SOCRadar Blog: Russia Targets Signal and WhatsApp Accounts, Dutch Officials Warn
