Intelligence confirms Russian state hackers targeting Dutch Signal and WhatsApp accounts
The Netherlands’ intelligence agencies confirmed Monday that Russian state hackers are attempting to access Signal and WhatsApp accounts worldwide, including those of Dutch government officials, military personnel, and other individuals of interest such as journalists. Signal is reportedly a particular target because of its strong reputation as a secure communication platform used by governments.
The Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) said the hackers attempt to obtain verification and PIN codes by impersonating Signal support chatbots.
Once access is gained, attackers can read messages sent to the account and participate in chat groups without the user’s knowledge. Hackers also exploit features that allow devices to be linked to accounts, which can enable remote surveillance.
AIVD Director-General Simone Smit emphasized that the threat targets individual accounts rather than technical vulnerabilities in the messaging platforms themselves. “It is not that Signal or WhatsApp as applications are compromised. The threat is directed at accounts of individual users,” she said in a statement.
Vice Admiral Peter Reesink, director of the MIVD, warned that despite end-to-end encryption, chat apps like Signal and WhatsApp are not suitable for classified or sensitive information. To protect against Russian hacking attempts, the AIVD and MIVD issued a cyber advisory for users.
The advisory recommends that users check group chats for suspicious or duplicate accounts, verify any unusual accounts by email or phone, and report concerns to their organization’s IT security team. Compromised accounts should be removed from group chats.
It also warns that attackers may rename hijacked accounts—for example, to “Deleted account”—to avoid detection. Non-legitimate accounts entering a group via a captured group link should be removed by the group administrator.
If a group administrator appears compromised, members are advised to leave the group and set up a new one.
