Russian hackers supported by the Kremlin have gained access to the WhatsApp and Signal accounts of government officials, military personnel, and journalists, according to a warning issued on March 9 by two Dutch intelligence agencies.
The General Intelligence and Security Service of the Netherlands (AIVD) and Dutch Military Intelligence and Security Service (MIVD) said that “the Russian hackers likely gained access to sensitive information through this campaign.”
AIVD and MIVD said they “can confirm that targets and victims of the campaign include Dutch government employees.”
“The Dutch services also believe that other persons of interest to the Russian government, such as journalists, may possibly be targeted by this campaign,” the agencies said in a statement.
The MIVD director, Vice Adm. Peter Reesink, said that “despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.”
The spy agencies said the method deployed most frequently by the Russian hackers is to “masquerade as a Signal Support chatbot in order to induce their targets to divulge their codes.”
The hackers then use security verification codes to take over the individual’s Signal account.
The agencies said hostile actors from Russia were also exploiting the “linked devices” feature in both Signal and WhatsApp.
“Signal is renowned as a reliable and independent communication channel which offers end-to-end encryption,” the agencies said. “This makes it an attractive channel for use within governments wishing to protect their internal communication.
“It also makes it the ideal place for malicious actors to try to capture sensitive information.”
NATO Secretary-General Mark Rutte is a former Dutch prime minister, and in 2025, the alliance held its annual summit in The Hague, Netherlands, at which all members—with the exception of Spain—agreed to raise defense spending to 5 percent of gross domestic product.
Encryption Has ‘Overlooked Weakness’
Andy Jenkinson, fellow at the Cyber Theory Institute and author of several books on cybercrime and hacking, told The Epoch Times that the Russian hacking operation “highlights a critical but often overlooked weakness in end-to-end encryption: the infrastructure that surrounds it.”
“Even if messages are encrypted between users, unsecured DNS records, routing servers, and distribution networks that deliver those messages are vulnerable,” Jenkinson said.
“Partial DNSSEC signing and misconfigured DNS records can enable attackers to perform man-in-the-middle attacks, impersonate services, or redirect traffic without users noticing.”
Jenkinson said that when this issue is combined with spyware that captures data before encryption or after decryption on devices, “these weaknesses undermine the promise of total privacy.”
“The lesson is clear: Encryption alone does not guarantee security when the underlying internet infrastructure remains exposed and unsecured,” Jenkinson said.
On Feb. 12, the Kremlin blocked WhatsApp from operating in Russia for failing to comply with local laws.
“Due to Meta’s unwillingness to comply with Russian law, such a decision was indeed made and implemented,” Kremlin spokesman Dmitry Peskov told reporters at the time, and he suggested that Russians switch to the state-owned messenger app MAX instead.
An analysis released by Google on Feb. 10 showed that the U.S. defense industrial base—a network of public and private entities used to develop or maintain military weapons systems—has sustained cyberattacks from groups and criminal organizations from China, Russia, and North Korea in recent months.
“Russia’s use of cyber operations in support of military objectives in the war against Ukraine and beyond is multifaceted,” Google stated in a blog published at the time. “On a tactical level, targeting has broadened to include individuals in addition to organizations.”
In September 2024, the government in Kyiv banned the use of the Telegram messaging app on state-owned devices.
At the time, Ukraine’s intelligence chief, Kyrylo Budanov, alleged that Russian spies were able to access the personal messages of Telegram users, including deleted messages, and their data.
A spokesman for Meta, which owns WhatsApp, told The Epoch Times in an email: “Users should never share their six-digit code with others.
“We continue to build ways to protect people from online threats and recently announced strict account settings.”
Meta said it provides detailed advice on how WhatsApp users can protect themselves from suspicious messages and scams.
The Epoch Times reached out to Signal for comment but did not receive a response by publication time.
Signal said in a post on BlueSky on March 9 that the company is aware of recent reports regarding targeted phishing attacks and takes them seriously.
“To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information—SMS codes and/or Signal PIN—to gain access to users’ accounts,” Signal said.
“These attacks, like all phishing, rely on social engineering. … While we build robust technical safeguards, user vigilance is ultimately the best defense against phishing.”
Reuters contributed to this report.
Friends Read Free
Copy
Facebook
Tweet
