TUESDAY, MARCH 10, 2026

Russian Hackers Target Signal and WhatsApp, Dutch Warn

By Riley Hart


Russian hackers are phishing their way into dignitaries' Signal and WhatsApp accounts.

The Netherlands’ military intelligence service and the domestic intelligence agency issued a joint warning about a large-scale global cyber campaign aimed at gaining access to high-profile messaging accounts. Hackers are reportedly posing as support chatbots to trick targets into revealing the PINs that guard Signal and WhatsApp, a move that can unlock access to incoming messages. The alert underscores a telling truth about modern secure messaging: even if the content is encrypted in transit, a compromised account can reveal everything once the attacker takes control.

The warning arrives amid a broader pattern of state-backed cyber activity that targets key personnel. Dutch officials describe the operation as global and ongoing, suggesting it spans multiple regions and actors. This isn't the first time such tactics have raised alarm: in the United States, the Pentagon warned last year against using Signal after a spate of phishing episodes tied to Russian actors. The parallel cautions from different governments emphasize a simple reality for users: attackers are chasing the keys, not merely the locks.

For everyday users, the takeaway is blunt: be skeptical of chatbot-style prompts that claim to help you with your account. If a prompt asks for a PIN, a verification code, or other security details, pause and verify through official channels. The campaign’s premise—tricking people into revealing security credentials—exposes a fundamental vulnerability: even strong end-to-end encryption cannot protect you if control of the account itself is stolen.

From a practitioner’s lens, this matters beyond elite circles. The attack surface for secure messaging apps hinges not only on cryptography but also on human behavior and account management. In practice, a valid PIN or two-step verification code is enough for an attacker to register a new device and begin intercepting messages or steering conversations. That distinction—encrypted content versus control of the account—explains a lot about why phishing remains a persistent threat even to users who trust their apps to shield their data. It also clarifies why simply updating the app’s code isn’t sufficient; security requires ongoing user education and stronger verification barriers.

What should users do now? First, treat PINs and two-factor prompts with extreme caution. Never disclose a PIN or verification code in response to a chatbot or support chat, even if the request appears to come from the app’s own help system. Second, enable every available layer of protection: on WhatsApp, two-step verification (the app’s six-digit PIN, when enabled); on Signal, screen lock and, if available, a registration lock to slow account takeovers. Third, verify requests through official support channels, and never click links or provide credentials in response to a chat you didn’t initiate. And fourth, maintain good device hygiene: ensure your phone is protected by a strong lock, keep software up to date, and review active sessions or linked devices regularly.

Looking ahead, observers expect more targeted phishing attempts against high-profile accounts and a continued push by intelligence agencies to warn the public about these tactics. The Dutch advisory, alongside the Pentagon’s prior caution, signals that conflict in cyberspace is increasingly waged through social-engineering playbooks as much as through malware. The question for users and organizations alike is simple: how resilient is your security culture when the scam looks like a routine chat with support?

Sources

  • Dutch intelligence services warn of Russian hackers targeting Signal and WhatsApp
