Dutch intelligence agencies have warned that Russian hackers are running a global cyber campaign aimed at compromising Signal and WhatsApp accounts used by officials, military personnel and journalists.
Hackers persuade users in chat conversations to reveal security codes, allowing access to private accounts and group chats, a Monday, March 9 Reuters report said, citing the Netherlands’ General Intelligence and Security Service and Military Intelligence and Security Service.
“The Russian hackers have likely gained access to sensitive information,” the agencies said, adding that targets and victims include Dutch government employees and journalists.
The services said attackers often pose as a Signal Support chatbot to convince users to share verification codes, while another method involves abusing Signal’s linked devices function to silently connect additional devices to a compromised account.
Dutch intelligence noted that duplicate contacts in a user’s address book or numbers appearing as “deleted account” may indicate that an account has already been compromised.
Because encrypted messaging apps are widely used by officials to exchange confidential material, the agencies said they have become “the ideal place for malicious actors to try to capture sensitive information.”
Peter Reesink, head of Dutch military intelligence, said that despite end-to-end encryption, messaging apps such as Signal and WhatsApp should not be used for classified, confidential or sensitive information.
WhatsApp told Reuters that users should never share their six-digit verification code and said it continues developing protections against online threats.
Last October, Russian hackers broke into UK Ministry of Defense data systems, making off with sensitive data about military personnel and other information from Royal Air Force and Royal Navy bases.
Some 272,000 service members may have been affected.
Specifically, the Mail reported, cybercriminals hacked the files of a maintenance and construction contractor, Dodd Group, gaining temporary access to its mainframe via ransomware.