Kremlin hackers attempting to compromise Signal, WhatsApp accounts globally
Summary
Dutch intelligence agencies MIVD and AIVD have issued a public advisory warning of a global Russian campaign aimed at compromising Signal and WhatsApp accounts belonging to dignitaries, civil servants and members of the armed forces.
The campaign targets individual accounts rather than exploiting platform-wide flaws. Attackers rely on social engineering — impersonating support staff, asking for verification codes or persuading victims to scan malicious QR codes to link devices — to take over accounts and then read victims' chats or impersonate them.
Dutch government employees have already been compromised, and the agencies warn that journalists and others of interest to the Russian government may also be targeted. The advisory does not attribute the activity to a named Russian intelligence service or estimate the number of victims.
The agencies reiterate that Signal and WhatsApp themselves remain secure in transit thanks to the Signal Protocol, but that account or device compromise defeats end-to-end protection in practice.
Key Points
- Dutch MIVD and AIVD warn of a global Russian operation targeting Signal and WhatsApp accounts belonging to officials and military personnel.
- The campaign targets individuals using social engineering, not a platform-wide vulnerability.
- Common tactics include impersonating customer support to obtain verification codes and tricking victims into scanning malicious QR codes to link devices.
- Once an account is taken over, attackers can read messages, view history and impersonate the victim.
- Previous Russian operations have targeted messaging apps used by Ukrainian soldiers, politicians and journalists, and this campaign builds on that pattern.
- Agencies advise: never share verification codes, avoid scanning unknown QR codes and ignore messages purporting to be from Signal support.
Why should I read this?
Heads up — if you or people you work with use Signal or WhatsApp for anything sensitive, this matters. These attackers aren’t breaking crypto; they’re tricking people. We’ve skimmed the detail so you don’t have to: if you handle government, defence or journalistic information, take the simple precautions now (don’t share codes, don’t scan weird QR codes, enable account PINs) or you could wake up with your account hijacked.
