Russian government hackers are targeting users of Signal and WhatsApp around the world, with a particular focus on government and military officials as well as journalists, Dutch intelligence agencies said on Monday.
The Netherlands’ Defence Intelligence and Security Service, known as the MIVD, and the General Intelligence and Security Service, or AIVD, released details of what they described as a “large-scale global” hacking campaign aimed at users of both Signal and WhatsApp. The two agencies said that “Russian state actors” are using phishing and social engineering, rather than malware, to seize control of accounts on the two messaging platforms.
According to the report, in the case of Signal, attackers pose as the app’s support team and contact targets directly with warnings about suspicious activity, “a possible data leak,” or attempts to access the target’s private information. If the target is deceived, the hackers request a verification code delivered by SMS — which they themselves request from Signal — along with the target’s PIN.
The report said the attackers then use the verification code and PIN to register a new device using a different phone number, impersonate the victim, and potentially gain access to the victim’s contacts. The victim is also locked out of the account, but can register their phone number again afterwards.
“Because Signal stores the chat history locally on the phone, a victim can regain access to that history after re-registering. As a result, the victim may assume that nothing is wrong. The Dutch services want to stress that this assumption could be incorrect,” the report said.
Signal does not offer support directly through the app. It is also worth noting that, in general, when a new device is added to a Signal account, it does not gain access to earlier messages.
Signal posted a thread on social media with advice for users on staying safe, including a warning not to share their SMS verification code or PIN.
The Dutch report also said hackers are trying to trick people on both Signal and WhatsApp into scanning malicious QR codes or clicking harmful links. “For example, an actor may send a QR code or link to a victim to add them to a chat group, but this QR code or link actually links the actor’s device to the victim’s account,” the report explained.
In WhatsApp’s case, the hackers are exploiting the app’s “Linked devices” feature, which lets users access WhatsApp from a second device such as a laptop or tablet. If attackers successfully deceive their targets, they can potentially read previous messages — unlike in Signal. In some cases, the victim may not even realise the hackers have gained access because they are not logged out of their account.
Meta spokesperson Zade Alsawah said WhatsApp advises users not to share their six-digit code with anyone and pointed to Help Centre pages that help users identify suspicious messages and explain the Linked Devices feature.
Laurens Bos, a spokesperson for the Dutch Ministry of Defence, declined to share additional details about the campaign.
Some of the methods highlighted by Dutch intelligence in this report have previously been known to be used by Russian government hackers in connection with the war in Ukraine.
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
