March 10, 2026 Dutch intelligence agencies say Russian state-linked hackers are conducting a global campaign to compromise Signal and WhatsApp accounts belonging to government officials, military personnel and other high-value targets.
In a joint advisory, the Netherlands’ military intelligence service (MIVD) and domestic security agency (AIVD) said the operation has already resulted in compromised accounts, including those belonging to Dutch government employees. The agencies said dignitaries, civil servants and members of the armed forces are among the primary targets.
“It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted,” AIVD Director-General Simone Smit said in a statement.
The advisory stresses that the attacks do not exploit vulnerabilities in the messaging platforms themselves. Both Signal and WhatsApp use the Signal Protocol, an end-to-end encryption system designed to protect message content during transmission.
Instead, the campaign focuses on gaining access to user accounts or devices through social engineering and misuse of legitimate platform features. According to the agencies, attackers typically impersonate customer support staff and attempt to convince victims to share verification codes or PIN numbers needed to access their accounts.
The attackers initiate the process by starting a standard account registration using the target’s phone number. The messaging service then sends a verification code to the user’s device. If the victim shares the code with the attacker, the attacker can complete the login process on another device and take control of the account.
Another technique involves persuading victims to scan malicious QR codes or click links that connect an attacker’s device to the victim’s account through the apps’ “linked devices” feature. Once linked, the attacker can access chats and message history.
Western intelligence agencies have previously warned that messaging platforms used by officials and journalists are frequent targets for espionage operations. Google security researchers noted last year that Signal’s widespread use among Ukrainian soldiers and political figures had made it a focus for Russian cyber activity.
The Dutch advisory does not estimate how many people may have been affected and does not attribute the operation to a specific Russian intelligence unit.
