Russian cybercrims phish their way into officials’ Signal and WhatsApp accounts

Summary

Dutch intelligence agencies AIVD and MIVD warn of a large-scale Russian-linked campaign that hijacks Signal and WhatsApp accounts by tricking victims into handing over verification codes or PINs. Attackers contact targets directly via chats, sometimes impersonating support bots, and request six-digit codes. They may also abuse Signal’s “linked devices” feature to mirror messages in real time. The campaign has already compromised people inside the Dutch government, along with journalists and military personnel. The agencies have issued an advisory and are helping affected users secure their accounts.

Key Points

  • Attackers are not breaking end-to-end encryption; they are taking over accounts by social engineering.
  • Common tactics include persuading users to share verification codes and impersonating official support messages.
  • Signal’s “linked devices” feature can be abused to mirror conversations if an attacker links a device to the account.
  • Victims include Dutch government employees, journalists and military personnel; sensitive information has likely been exposed.
  • Dutch agencies published guidance and are assisting affected users to regain control and secure accounts.
  • The advisory stresses that consumer encrypted apps are not suitable channels for classified or highly sensitive communications.
  • Meta reminds users never to share six-digit codes and provides scam-protection advice for WhatsApp users.

Context and relevance

This story highlights a growing trend: adversaries bypass cryptography by targeting the human element. Rather than trying to decrypt messages, attackers exploit account recovery and device-linking features — a cheaper, lower-effort route to the same intelligence. For security teams, journalists and officials, this underlines the need to treat account controls and operational security (OPSEC) as seriously as the end-to-end encryption these apps provide. The incident ties into broader concerns about state-linked actors using hybrid tactics (phishing, impersonation, feature abuse) to harvest intelligence.

Why should I read this?

Because it’s exactly the sort of clever, low-tech scam that trips up organisations and individuals who assume encryption alone is enough. We’ve sifted the facts for you: if you use Signal or WhatsApp for anything sensitive, this is a proper wake-up call — and the advice is simple and immediate (don’t share codes, check linked devices, and don’t use consumer messengers for classified stuff).

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/03/09/dutch_spies_say_russian_cybercrims/