Dutch intelligence agencies warned on Monday that Russian state hackers are targeting Signal and WhatsApp accounts belonging to government officials, military staff, and journalists to bypass secure communications. Officials clarified that the hackers are not exploiting software vulnerabilities but are instead using social engineering tactics, such as impersonating support bots, to hijack individual user sessions and monitor private group chats.
The Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) have identified a widespread campaign by Russian state actors to infiltrate popular messaging platforms. By posing as official support chatbots, these attackers attempt to trick high-value targets into revealing verification codes and PINs. This strategy specifically focuses on Signal due to its reputation for high security, making it a primary choice for government personnel and sensitive communication.
Once the hackers successfully gain entry to an account, they can read incoming messages and remain active in group chats entirely undetected. The agencies noted that attackers often exploit the "linked devices" feature to maintain long-term remote access for surveillance. Because the intruders are essentially operating as the legitimate user, they can monitor sensitive discussions and gather intelligence without triggering standard security alerts within the application.
Simone Smit, the Director-General of the AIVD, made it clear that the underlying technology of these apps remains intact. She stated that the threat is not a compromise of the applications themselves but a focused attack on the users. This distinction highlights that while the encryption used by Signal and WhatsApp is robust, it cannot protect a user if their account access is handed over to an adversary through deception.
In response to the threat, Vice Admiral Peter Reesink of the MIVD cautioned that these platforms should never be used to exchange classified or highly sensitive information, regardless of their encryption standards. To assist potential targets, the intelligence services released a joint cyber advisory detailing how to spot and mitigate these intrusions. The guidance emphasizes that individual vigilance is the most effective defense against these social engineering tactics.
The advisory urges users to frequently audit their group chats for duplicate or suspicious members and to verify any unusual account activity through secondary channels like phone calls or email. It warns that hackers often rename hijacked accounts to things like "Deleted account" to hide in plain sight. If a group administrator is suspected of being compromised, members are encouraged to abandon the group immediately and form a new, verified communication channel.
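The group audit the advisory recommends can be partly automated once a member list has been copied out of the app. The sketch below is an added example, not code from the AIVD/MIVD advisory or from Signal or WhatsApp; the roster format, the account identifiers and the `audit_roster` helper are assumptions made for illustration, and the sample roster is constructed.

```python
import unicodedata
from collections import defaultdict

# Placeholder-style names that hijacked accounts are renamed to.
# Only "Deleted account" comes from the article; extend per local policy.
PLACEHOLDER_NAMES = {"deleted account"}

def normalize(name):
    """Fold case, Unicode compatibility forms and whitespace so that
    look-alike display names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def audit_roster(members):
    """members: iterable of (account_id, display_name) pairs (assumed format).
    Returns a sorted list of (finding, normalized_name, account_ids)."""
    by_name = defaultdict(set)
    for account_id, display_name in members:
        by_name[normalize(display_name)].add(account_id)
    findings = []
    for name, ids in by_name.items():
        if name in PLACEHOLDER_NAMES:
            # Renamed-to-placeholder accounts are suspicious even when unique.
            findings.append(("placeholder-name", name, sorted(ids)))
        elif len(ids) > 1:
            # One person appearing under two accounts: verify out of band.
            findings.append(("duplicate-name", name, sorted(ids)))
    return sorted(findings)

# Constructed sample roster; names and identifiers are invented.
SAMPLE_ROSTER = [
    ("acct-01", "J. de Vries"),
    ("acct-02", "M. Bakker"),
    ("acct-03", "j. de  vries"),        # same name, second account
    ("acct-04", "Deleted account"),     # placeholder name from the advisory
    ("acct-05", "\uff2d. Bakker"),      # fullwidth M, visually near-identical
    ("acct-06", "S. Jansen"),
]

if __name__ == "__main__":
    for kind, name, ids in audit_roster(SAMPLE_ROSTER):
        print(f"{kind}: {name!r} -> {', '.join(ids)}")
```

Every finding is a prompt to confirm the member through a secondary channel, as the advisory describes, not proof of compromise.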
Source: Intelligence Confirms Russian State Hackers Target Dutch Signal And WhatsApp Accounts


