Skip to main content
Netherlands News in English

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
A man using his laptop and mobile phone to perform cybercrime activities.
A man using his laptop and mobile phone to perform cybercrime activities. - Credit: makidotvn / DepositPhotos - License: DepositPhotos
Crime
Tech
Backup Recovery-keys
signal
Dutch Military Intelligence and Security Service
Russia
General Intelligence and Security Service
spy agencies
Wednesday, 1 July 2026 - 17:50

Share this article:

Russian hackers use phishing to get access to message backups, Dutch spy agencies say

Russian state hackers are using phishing attacks to steal backup recovery keys and gain access to stored message histories in encrypted messaging apps, Dutch spy agencies said Monday. The method allows attackers to reach private chats, photos, and documents once protected by encryption.

The Dutch Military Intelligence and Security Service (MIVD) and General Intelligence and Security Service (AIVD) said the campaign is ongoing and widespread. It targets Western and Ukrainian officials, military personnel, journalists, and others of intelligence interest. The agencies confirmed findings shared by U.S. security services in a June 26 warning.

Officials said Signal, a widely used encrypted messaging app that offers end-to-end secure communication, is a key target. The agencies said the operation is part of a broader Russian espionage campaign that remains large-scale and successful.

The hackers previously tried to break into accounts by stealing verification codes. They have now shifted to a new approach: phishing messages designed to obtain “Backup Recovery-keys.”

The messages are sent under the name “Signal Support” and are designed to create urgency. Users are tricked into sharing recovery keys. Once obtained, the keys allow attackers to access stored backups.

Those backups can include messages, photos, and documents. With a valid recovery key, attackers can download full message histories, including media and files from the past 45 days. The same access can also enable full account takeover.

The agencies said the shift reflects an evolution in tactics following earlier warnings issued on March 9, when Russian actors were already attempting to access messaging accounts at scale.

Officials said the platform is targeted because of its reputation for security. It is widely used by governments and journalists and is considered highly secure due to end-to-end encryption.

MIVD Director Vice Admiral Peter Reesink said encrypted messaging apps are not suitable for confidential communication despite their security features. AIVD Director-General Simone Smit said attackers continuously adapt their methods to deceive users.

The agencies stressed the messaging app itself has not been compromised. Instead, individual accounts are being targeted through phishing.

They warned users to be cautious of messages claiming to come from “Signal Support,” noting that official support never asks for codes or recovery keys.

More like this

Image
Burned building at the Maidan in Kyiv, Ukraine
Russia used chemical weapons in 9,000 attacks on Ukraine, intelligence report says
Image
Netherlands players celebrate their victory after the 2026 FIFA World Cup Group F match between Tunisia and the Netherlands at Kansas City Stadium on June 25, 2026, in Kansas City, United States.
Koeman demands greater defensive solidity as Oranje prepare for Morocco; Gakpo will play
Image
The White House, Washington, U.S.
The U.S. now provides nearly one-third of Dutch energy imports
Image
The flags of the United States and the Netherlands fly over the entrance to the Amstel Hotel in Amsterdam. 12 August 2020
Netherlands aims to cut dependence on U.S. security guarantees, new strategy says
Make NL Times your top Google source

Follow us:

Latest stories

  • Dutch authorities warn of looming water shortage as drought intensifies
  • Russian hackers use phishing to get access to message backups, Dutch spy agencies say
  • Worker strike to disrupt operations at ASML, Bosch and other major companies
  • New military tech hub opens at TU Delft to explore military drones, quantum computing
  • Dutch intelligence agencies accused of privacy breaches in large-scale data processing

Top stories

  • Dutch inflation rate falls back below 3 percent as energy price spike flattens
  • PFAS detected in all Dutch breast milk samples, but levels decline from 2014
  • Netherlands on track to build nearly 100,000 new homes in 2027, surge seen as temporary
  • Rotterdam-Zuid line closed until Saturday; No trains between Groningen and Zuidhorn
  • €3 import fee now applies to cheap packages from outside the EU

© 2012-2026, NL Times, All rights reserved.

Footer menu

  • Change Privacy Settings
  • Privacy Policy
  • Contact
  • Partner Content