Russian state backed hackers are running a global phishing campaign aimed at hijacking Signal and WhatsApp accounts used by officials, journalists, and military personnel.
Quick Summary – TLDR:
- Dutch intelligence agencies warn of a large scale cyber campaign linked to Russian state backed hackers.
- Attackers target Signal and WhatsApp users by tricking them into sharing verification codes and account details.
- Government officials, journalists, and military personnel are among the main targets.
- Authorities say encryption systems were not broken, but users were manipulated through phishing and social engineering.
What Happened?
Dutch intelligence agencies have warned about a global cyber campaign targeting users of popular messaging apps Signal and WhatsApp. The operation, believed to be linked to Russian state backed hackers, focuses on officials, journalists, and military personnel who often use these platforms for sensitive conversations.
Investigators say the attackers are not breaking encryption systems. Instead, they are relying on phishing and social engineering techniques to trick users into giving access to their own accounts.
Russian GRU cyber operatives are running a large-scale, targeted operations against Signal and WhatsApp users of government officials, military personnel and civil servants. The fake support message in the advisory tells victims, in capital letters: “DON’T TELL ANYONE THE CODE,… pic.twitter.com/yNk8pIPNof
— Lukasz Olejnik (@lukOlejnik) March 9, 2026
Dutch Intelligence Issues Global Warning
The warning came from two Dutch intelligence agencies, the General Dutch Intelligence Agency (AIVD) and the Dutch Military Intelligence and Security Service (MIVD). According to their advisory, the cyber campaign is already global and targets people who regularly handle sensitive information.
Authorities confirmed that Dutch government employees and journalists were among the victims of the campaign. Officials said attackers likely gained access to private conversations, group chats, and potentially sensitive information.
A government official said that Dutch authorities issued a cyber advisory to alert colleagues about the threat and to provide guidance on protecting accounts.
Hackers Exploit Human Error Instead of Breaking Encryption
Investigators say the attackers are not hacking the messaging platforms themselves. Instead, they are manipulating users into sharing access details.
The attackers typically send messages that appear to come from official support teams. These messages warn users about suspicious activity or possible data leaks and ask them to confirm their account.
Victims are then asked to provide sensitive details such as:
- SMS verification code
- Account PIN
Once the victim shares this information, the attacker can register the account on another device and gain full access.
Signal later confirmed that the attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information. The platform also clarified that its encryption and infrastructure were not compromised.
Fake Signal Support Bots Used in Attacks
One of the main techniques used in the campaign involves attackers impersonating a fake Signal support chatbot.
Victims receive a message claiming there is suspicious activity on their device. The message then asks them to share the verification code sent to their phone. Once the code is shared, the attacker can move the account to their own device.
Because Signal stores message history locally on a phone, victims who later regain access to their account may still see their old chats and assume nothing happened. Intelligence agencies warn that this assumption can be misleading.
WhatsApp Attacks Use Linked Device Feature
A different technique is being used against WhatsApp users. Attackers are reportedly exploiting the linked devices feature, which allows users to access WhatsApp on computers or tablets by scanning a QR code.
In some cases, attackers send a QR code disguised as a group invitation or login request. When the victim scans the code, the attacker’s device becomes linked to the account.
This allows hackers to silently monitor conversations, read messages, and even send messages while impersonating the victim.
Meta spokesperson Zade Alsawah said users should never share their six digit verification code with anyone.
Officials Warn Against Using Messaging Apps for Sensitive Data
Messaging platforms such as Signal and WhatsApp are widely trusted because of their end-to-end encryption. This reputation has made them popular among officials, journalists, and activists.
However, intelligence officials say that trust also makes these platforms attractive targets for foreign espionage.
Dutch intelligence chief Vice Admiral Peter Reesink warned that sensitive discussions should not happen on these apps. He said:
Experts say compromised accounts can also become entry points for further attacks, including sending malicious files or phishing messages to contacts.
Warning Signs of a Compromised Account
Dutch authorities also shared several indicators that may suggest an account has been compromised.
Possible warning signs include:
- A contact appearing twice in a group chat.
- Accounts suddenly showing as Deleted account without a clear notification.
- Unknown devices linked to the account.
Users are advised to review account security settings regularly and avoid sharing verification codes with anyone.
SQ Magazine Takeaway
I think this story highlights a growing reality in cybersecurity. Even the most secure apps cannot protect users from human manipulation. Encryption can safeguard messages, but it cannot stop someone from giving access away themselves. For anyone handling sensitive information, relying on consumer messaging apps for serious conversations is clearly risky. The biggest lesson here is simple: if someone asks for your verification code, it should immediately raise a red flag.
