Russian state-backed hackers are reportedly attempting to hijack WhatsApp and Signal accounts by tricking users into handing over their login verification codes. Authorities warn the campaign targets government officials but uses simple phishing tactics that could affect anyone.
Russian state-backed hackers are attempting to take over WhatsApp and Signal accounts around the world — not by breaking the apps, but by tricking users into giving away their login codes.
The warning comes from the Netherlands’ General Intelligence and Security Service (AIVD), which says the campaign has already targeted government officials, military personnel, and civil servants, including employees of the Dutch government.
Both WhatsApp and Signal use end-to-end encryption, meaning even the companies themselves cannot read user messages. But experts warn that this protection does not stop attackers from taking over an account if they gain access to login credentials.
Hackers are exploiting the apps’ own security features
According to investigators, the attackers are not exploiting a technical flaw in the apps themselves. Instead, they are manipulating legitimate features designed to keep accounts secure.
The most common tactic involves convincing victims to share their one-time login verification code.
In some cases, attackers have posed as a “Signal Support Bot” and claimed that suspicious activity was detected on the user’s account. Victims are then told they must enter their verification code into the chatbot to secure their account.
If a user shares the code, attackers can register the account on another device — effectively taking control of the account and gaining access to messages.
Signal says its support team will never contact users to request verification codes and warns that any such message should be treated as a scam.
Linked devices are another entry point
Authorities also warn that hackers are abusing the “linked devices” feature available in both Signal and WhatsApp.
This feature allows users to connect their phone account to a desktop computer so messages can be viewed and sent from multiple devices.
But if attackers trick someone into linking a new device, they can secretly gain access to conversations without needing to break the encryption.
Cybersecurity officials say phishing — rather than technical hacking — remains the biggest risk in these kinds of attacks.
Who is being targeted
The AIVD says the campaign appears focused on high-value targets such as diplomats, government staff, and military personnel.
However, the tactics being used could easily be applied to ordinary users as well.
Security experts recommend never sharing authentication codes with anyone and being suspicious of unexpected messages claiming to come from customer support services.
Even highly secure messaging apps can be compromised if attackers succeed in manipulating the person using them.
Sources: PCMag, Netherlands General Intelligence and Security Service (AIVD), Signal
