Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn
Source: TechCrunch
Overview
Russian government hackers are targeting Signal and WhatsApp users, particularly government and military officials as well as journalists worldwide, Dutch intelligence said on Monday.
The Netherlands’ Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published an advisory about a large-scale global hacking campaign. The agencies accuse “Russian state actors” of using phishing and social engineering, rather than malware, to take over accounts on the two messaging apps.
Signal
- Hackers impersonate Signal’s support team and message targets with warnings of suspicious activity, a possible data leak, or attempts to access private data.
- Victims are asked to provide the verification code sent to them via SMS (which the hackers have requested from Signal) and their PIN code.
- Using the verification code and PIN, the attackers register a new device with a new phone number, impersonate the target, and potentially access contacts. The original device may become locked out, though the victim can re‑register their number.
“Because Signal stores the chat history locally on the phone, a victim can regain access to that history after re‑registering. As a result, the victim may assume that nothing is wrong. This assumption could be incorrect.” – Dutch services report
Signal does not provide support directly through the app, and adding a new device does not grant access to previous messages.

Image: Example of a malicious Signal message sent by the hackers (most common illustration of such a message and the method of account takeover). – Image credits: Netherlands’ General Intelligence and Security Services
Additional tactics include tricking targets into scanning malicious QR codes or clicking malicious links that link the attacker’s device to the victim’s account.
WhatsApp
- Hackers abuse the “Linked devices” feature, which lets users access WhatsApp from secondary devices (e.g., laptops, tablets).
- If successful, they can potentially read past messages, and victims may not notice the unauthorized access because they are not logged out.
WhatsApp advises users never to share their six‑digit verification code with anyone.
Reactions
- Signal did not respond to a request for comment.
- Meta declined to comment about the hacking campaign.
- The Dutch Ministry of Interior and Ministry of Defense did not respond to requests for more information.
- The Russian embassy in Washington D.C. did not respond to a request for comment.
Context
Some of the techniques highlighted by the Dutch intelligence services are known to have been used by Russian government hackers in the context of the war against Ukraine.