Dutch intelligence agencies have issued a warning about an ongoing cyber espionage campaign believed to be linked to Russian-backed hackers attempting to gain access to accounts on the messaging platforms Signal and WhatsApp.
The alert was released by the General Intelligence and Security Service and the Military Intelligence and Security Service, which said the operation appears to be targeting individuals likely to possess sensitive information. These include government officials, military personnel, and journalists. Dutch authorities confirmed that some employees within the government have already been identified as victims of the campaign.
According to the agencies, the attackers are using manipulation techniques rather than technical exploits to gain access to accounts. By tricking users into handing over critical security information, hackers are able to take control of personal messaging accounts and potentially view private conversations or files.
The intelligence services warned that this tactic could allow attackers to obtain sensitive information shared through private chats and group conversations.
Hackers Use Social Engineering to Bypass Security
Instead of relying solely on malware or software vulnerabilities, the hackers involved in the campaign are using social engineering tactics—methods that rely on deception and psychological manipulation.
In many cases, the attackers initiate conversations with potential targets and gradually attempt to convince them to reveal security verification codes or PIN numbers associated with their messaging accounts. These codes are normally used by platforms to confirm a user’s identity when logging in or setting up an account on a new device.
Once these codes are shared, the attackers can bypass the security protections built into the messaging platforms and gain control of the victim’s account.
Dutch intelligence officials said that in several cases the hackers pretended to be official customer support services to make their messages appear legitimate. One common method involves posing as a support chatbot connected to Signal.
In these situations, users may receive messages suggesting that their account needs verification or that a technical issue has been detected. The attackers then request the verification code that the user receives via text message or app notification.
If the user provides the code, the hackers can immediately log into the account and take control of it.
Exploiting the “Linked Devices” Feature
Another tactic highlighted by Dutch intelligence involves misuse of Signal’s “linked devices” function. This feature allows users to connect their messaging account to additional devices such as computers or tablets, enabling them to access conversations across multiple platforms.
While the feature is designed for convenience, it can be exploited if attackers persuade users to approve a new device connection.
By linking their own device to a victim’s account, hackers can gain ongoing access to conversations without necessarily alerting the user right away. This type of access allows attackers to quietly monitor communications over an extended period of time.
Authorities warned that such access could expose sensitive information shared between officials, journalists, and others who use these messaging platforms for work-related discussions.
Signs an Account May Have Been Compromised
The Dutch agencies also outlined several warning signs that could suggest an account has been compromised.
Users might notice duplicate entries for contacts appearing in their messaging apps. In some cases, phone numbers in chat conversations may suddenly appear as “deleted account,” which could indicate that unauthorized changes have occurred.
These unusual signs may suggest that another device has gained access to the account.
Officials advised anyone who notices suspicious activity to immediately review their security settings, remove unfamiliar linked devices, and change account credentials.
Government Issues Cybersecurity Advisory
Following the discovery of the campaign, Dutch authorities distributed a cybersecurity advisory to government staff and related organizations. The notice outlines the tactics being used by the attackers and provides guidance on how to avoid falling victim to the scheme.
The advisory is part of broader efforts by the Netherlands to strengthen protection against foreign cyber threats.
A government spokesperson said the warning was issued as part of a coordinated effort between the AIVD and MIVD to protect officials and sensitive communications from espionage attempts carried out through digital platforms.
Authorities are also providing assistance to individuals who may have been affected, helping them secure their accounts and remove unauthorized access.
Why Messaging Apps Are Attractive Targets
Messaging platforms such as Signal and WhatsApp have become widely used tools for communication because of their strong encryption features. Both apps use end-to-end encryption, meaning that messages are scrambled in such a way that only the sender and recipient can read them.
This feature has made these services popular among journalists, government officials, activists, and other individuals who often exchange sensitive information.
However, intelligence officials stressed that encryption alone cannot prevent attackers from accessing messages if they manage to take control of the account itself.
If hackers successfully log into an account, they effectively become an authorized user. In that situation, they can read messages, view files, and participate in conversations without breaking the encryption system.
For this reason, messaging platforms have become valuable targets for cyber espionage campaigns.
WhatsApp Warns Users About Verification Codes
In response to the warning, WhatsApp said users should never share their six-digit verification code with anyone.
The code is designed to confirm the identity of the person attempting to access the account. If someone else obtains it, they can potentially register the account on another device.
WhatsApp also said it continues working on new features aimed at protecting users from phishing attempts and other online scams.
At the time the Dutch intelligence warning was issued, Signal had not publicly commented on the campaign.
Despite the widespread use of encrypted messaging services, Dutch intelligence officials cautioned that such platforms should not be used to exchange classified or highly sensitive government information.
