Russian Cyber Campaign Targets Signal and WhatsApp Users Through Social Engineering Tactics

 

Hackers believed to be linked to Russia are attempting to gain access to Signal and WhatsApp accounts of government officials, journalists, and military personnel worldwide—not by breaking encryption, but by manipulating users into giving up their access credentials.
This warning was issued on Monday by the Netherlands’ intelligence and military agencies, AIVD and MIVD, which reported a “large-scale” cyber operation focused on compromising accounts on these messaging platforms. Instead of attacking the apps’ end-to-end encryption, the campaign aims to take control of user accounts and discreetly monitor their communications.
According to the agencies, attackers directly contact targets through chats and convince them to share verification codes or PINs, effectively handing over account access. In certain instances, the hackers impersonate a Signal support bot to make their requests appear authentic. Once the code is provided, they can log in and view private messages or track group conversations without bypassing encryption.
Another technique involves exploiting Signal’s “linked devices” feature, which allows multiple devices to connect to one account. If attackers successfully link their own device, they can observe messages in real time. Dutch authorities confirmed that this campaign has already impacted individuals, including those within the Dutch government. “The Russian hackers have likely gained access to sensitive information,” the AIVD and MIVD said, adding that “targets and victims of the campaign include Dutch government employees” as well as journalists.
Ironically, the strong encryption that makes these platforms popular among officials and reporters also increases their value as targets once an account is compromised. While end-to-end encryption secures messages during transmission, it offers no protection if an attacker gains direct access to the account.
A Meta spokesperson told The Register that users should never share their six-digit code with others, and that the company provides detailed advice on how WhatsApp users can protect themselves from scams.
Signal did not immediately respond to The Register’s inquiries. Meanwhile, Dutch authorities have issued a cybersecurity advisory and are helping affected users secure their accounts. They also highlighted warning signs of a potential breach, such as duplicate contacts appearing or numbers being marked as “deleted account” unexpectedly.
The broader takeaway from intelligence officials is that while encrypted messaging apps are convenient, they are not designed for highly sensitive communication. As MIVD director Vice-Admiral Peter Reesink put it:
“Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.”
In essence, relying solely on the assumption that no one will request a verification code may not be sufficient for maintaining operational security.
