Jens Asbjørn Bøgen
Dutch intelligence confirm that the targets and victims include government employees.
A cyber operation linked to Russia is targeting messaging accounts used by officials, journalists and other high-profile figures, according to Dutch intelligence agencies.
Authorities say the effort is global in scope and relies on deceptive tactics rather than weaknesses in the apps themselves.
The campaign was disclosed March 9 by the Netherlands’ General Intelligence and Security Service (AIVD) and the Dutch Military Intelligence and Security Service (MIVD).
According to the agencies, the attackers focused on gaining entry to accounts used by government staff and other individuals of interest to Moscow.
Global phishing push
“Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants,” the Netherlands’ General Intelligence and Security Service (AIVD) said in a statement.
Dutch officials said the effort may also be directed at journalists and other prominent targets.
Investigators believe the attackers used phishing techniques inside chat conversations, persuading victims to reveal verification codes or passcodes needed to access their accounts.
“The Russian hackers have likely gained access to sensitive information,” AIVD and the Dutch Military Intelligence and Security Service (MIVD) said in a joint statement.
Apps not breached
According to The Kyiv Independent, Signal confirmed it had seen reports of targeted attacks affecting some users.
“We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists,” the company said. “We take this very seriously.”
The company stressed that its systems had not been technically compromised.
“To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust,” the company said, adding that the attacks relied on “sophisticated phishing campaigns designed to trick users into sharing information.”
Part of hybrid warfare
Dutch intelligence said the operation did not exploit software flaws in the messaging platforms.
“The Russian campaign does not exploit any technical vulnerabilities of the messaging services,’ the agencies said. “Instead, the attackers make malicious use of legitimate security features of the apps.”
Cyber operations linked to Russian groups have long included financial crimes such as ransomware. Since Moscow’s full-scale invasion of Ukraine, Western officials say the focus has increasingly shifted toward espionage and disruption targeting Ukraine’s allies.
Sources: AIVD, MIVD statements, The Kyiv Independent
