Russian-Backed Hackers Target Signal and WhatsApp Accounts of Officials and Journalists
Dutch intelligence agencies revealed on March 9 that Russian-backed hackers have launched a global cyber campaign to infiltrate Signal and WhatsApp accounts belonging to government officials, military personnel, and journalists. The attackers trick users into disclosing security verification codes or PINs during deceptive chats, granting access to personal accounts and sensitive group conversations.
The General Dutch Intelligence Agency (AIVD) and Military Intelligence and Security Service (MIVD) warned that the hackers likely obtained classified information, with Dutch government employees and journalists among the confirmed targets. End-to-end encrypted messaging apps like Signal and WhatsApp are favored for secure communication, making them prime targets for cyber espionage.
The hackers primarily impersonate a Signal Support chatbot to extract verification codes, while also exploiting Signal’s "linked devices" feature. Signs of compromise include duplicate contacts or accounts marked as "deleted." WhatsApp responded by advising users against sharing their six-digit codes, though Signal did not immediately comment.
Dutch authorities issued a cyber advisory to mitigate the threat, with MIVD director Vice-Admiral Peter Reesink cautioning that even encrypted apps should not be used for transmitting highly sensitive information. The campaign underscores the persistent risks of social engineering in cyber espionage.
Source: https://www.globalbankingandfinance.com/russia-backed-hackers-breach-signal-whatsapp-accounts/
General Dynamics cybersecurity rating report: https://www.rankiteo.com/company/general-dynamics
WhatsApp cybersecurity rating report: https://www.rankiteo.com/company/whatsapp.
"id": "GENWHA1773052486",
"linkid": "general-dynamics, whatsapp.",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Public Sector',
'location': 'Netherlands',
'name': 'Dutch government employees',
'type': 'Government'},
{'industry': 'Media',
'location': 'Global',
'name': 'Journalists',
'type': 'Individuals'},
{'industry': 'Defense',
'location': 'Global',
'name': 'Military personnel',
'type': 'Government'}],
'attack_vector': 'Social Engineering',
'customer_advisories': 'Users advised not to share six-digit verification '
'codes and to monitor for signs of compromise.',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Classified information, personal '
'accounts, sensitive group '
'conversations'},
'date_detected': '2024-03-09',
'date_publicly_disclosed': '2024-03-09',
'description': 'Dutch intelligence agencies revealed that Russian-backed '
'hackers launched a global cyber campaign to infiltrate Signal '
'and WhatsApp accounts belonging to government officials, '
'military personnel, and journalists. The attackers trick '
'users into disclosing security verification codes or PINs '
'during deceptive chats, granting access to personal accounts '
'and sensitive group conversations.',
'impact': {'data_compromised': 'Classified information, personal accounts, '
'sensitive group conversations',
'identity_theft_risk': 'High',
'systems_affected': 'Signal and WhatsApp accounts'},
'initial_access_broker': {'entry_point': 'Deceptive chats impersonating '
'Signal Support chatbot',
'high_value_targets': 'Government officials, '
'military personnel, '
'journalists'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Even encrypted apps should not be used for transmitting '
'highly sensitive information due to persistent social '
'engineering risks.',
'motivation': 'Espionage',
'post_incident_analysis': {'corrective_actions': 'Enhanced user education on '
'security practices, '
'monitoring for signs of '
'compromise',
'root_causes': 'Social engineering (tricking users '
'into disclosing verification '
'codes), exploitation of Signal’s '
"'linked devices' feature"},
'recommendations': 'Avoid sharing security verification codes or PINs, '
'monitor for signs of compromise (e.g., duplicate contacts '
"or 'deleted' accounts), and follow cyber advisories from "
'authorities.',
'references': [{'date_accessed': '2024-03-09',
'source': 'General Dutch Intelligence Agency (AIVD) and '
'Military Intelligence and Security Service (MIVD)'},
{'date_accessed': '2024-03-09', 'source': 'WhatsApp Advisory'}],
'response': {'communication_strategy': 'Public disclosure by Dutch '
'intelligence agencies',
'containment_measures': 'Dutch authorities issued a cyber '
'advisory to mitigate the threat',
'remediation_measures': 'Advising users against sharing their '
'six-digit codes'},
'stakeholder_advisories': 'Dutch intelligence agencies issued a cyber '
'advisory to mitigate the threat.',
'threat_actor': 'Russian-backed hackers',
'title': 'Russian-Backed Hackers Target Signal and WhatsApp Accounts of '
'Officials and Journalists',
'type': 'Cyber Espionage',
'vulnerability_exploited': ['Deceptive chats impersonating Signal Support '
'chatbot',
"Signal’s 'linked devices' feature"]}