Russian government hackers are targeting Signal and WhatsApp users, particularly government and military officials, as well as journalists all over the world, Dutch intelligence said on Monday.\u00a0\u00a0<\/p>\n
The Netherlands\u2019 Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published<\/a> details about a \u201clarge-scale global\u201d hacking campaign against Signal and WhatsApp users. The two agencies accused \u201cRussian state actors\u201d of using phishing and social engineering techniques \u2014 rather than malware \u2014 to take over accounts on the two messaging apps.\u00a0<\/p>\n In the case of Signal, the hackers are masquerading as the app\u2019s support team and messaging targets directly with warnings of suspicious activity, \u201ca possible data leak,\u201d or of attempts to access the target\u2019s private data. If the target falls for it, the hackers ask for a verification code sent via SMS \u2014 the hackers themselves request this code from Signal \u2014 as well as the targets\u2019 PIN code.\u00a0<\/p>\n \t\t\tDo you have more information about this hacking campaign, or other campaigns targeting Signal and WhatsApp? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email<\/a>.<\/a>\t\t<\/div>\n The hackers then use the verification and PIN codes to register a new device with a new phone number, impersonate the target, and potentially access their contacts, according to the report. Also, the target gets locked out of their account, but can re-register their number.\u00a0\u00a0<\/p>\n \u201cBecause Signal stores the chat history locally on the phone, a victim can regain access to that history after re?registering. As a result, the victim may assume that nothing is wrong. The Dutch services want to stress that this assumption could be incorrect,\u201d the report reads.\u00a0<\/p>\n Signal does not provide support directly through the app. And it\u2019s important to note that, generally speaking, when a user adds a new device to their Signal account, the new device does not have access to previous messages.\u00a0<\/p>\n Signal did not respond to a request for comment, but posted a thread on social media<\/a> sharing advice for users on how to protect themselves, including advising against ever sharing the SMS verification code and PIN.<\/p>\n Hackers are also trying to trick targets on both apps into scanning malicious QR codes or clicking on malicious links. \u201cFor example, an actor may send a QR code or link to a victim to add them to a chat group, but this QR code or link actually links the actor\u2019s device to the victim\u2019s account,\u201d the report explained.\u00a0<\/p>\n In the case of WhatsApp, the hackers are abusing the \u201cLinked devices\u201d function, which allows users to access WhatsApp from a secondary device such as a laptop or a tablet. If the hackers successfully trick their targets, \u2014 unlike with Signal \u2014 they can potentially read past messages. And sometimes, the victim may not realize that they have granted access to the hackers\u2019 given that they don\u2019t get logged out of their account.\u00a0<\/p>\n Meta\u2019s spokesperson Zade Alsawah said that WhatsApp suggests<\/a> users to never share their six-digit code with anyone, and pointed to a Help Center page<\/a> to help users recognize suspicious messages, and a page about the Linked Devices feature<\/a>.<\/p>\n Laurens Bos, a spokesperson for the Ministry of Defence declined to provide more details about the campaign.\u00a0<\/p>\n The Russian embassy in Washington, D.C. did not respond to a request for comment.\u00a0<\/p>\n Some of the techniques highlighted by the Dutch intelligence services in this report have been known to be used<\/a> by Russian government hackers in the context of the war against Ukraine.<\/p>\n<\/div>\nContact Us<\/h4>\n
![\"\"](\"https:\/\/techcrunch.com\/wp-content\/uploads\/2026\/03\/signal-phishing-scam.png?w=379\")