Dutch Intelligence Warns Russian Hackers Are Running Global Campaign to Hijack Signal and WhatsApp Accounts

Russian state hackers are conducting a global phishing operation targeting Signal and WhatsApp accounts belonging to government officials, military personnel and journalists, the Netherlands’ intelligence services announced Monday.

The Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) confirmed that attackers have already compromised accounts belonging to Dutch government employees. The agencies warned that others of interest to Moscow, including journalists and foreign officials, are likely targets.

The campaign does not exploit technical vulnerabilities in the messaging platforms. Attackers impersonate Signal customer support and trick users into sharing verification codes or PINs, giving them full account access.

“It is not the case that Signal or WhatsApp as a whole have been compromised,” AIVD Director-General Simone Smit said in a statement. “Individual user accounts are being targeted.”

Hackers also persuade victims to scan malicious QR codes or click links that connect an attacker-controlled device to the target’s account. Both apps offer a linked devices feature that allows users to access their messages from multiple devices simultaneously. Once an attacker’s device is linked, they can read incoming messages and monitor group chats without the user’s knowledge.

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.

To be clear: Signal’s encryption and infrastructure have not been…

— Signal (@signalapp) March 9, 2026

Signal acknowledged the attacks in a post on X, stating that the phishing campaigns were “designed to trick users into sharing information” and that its encryption infrastructure had not been breached.

MIVD Director Vice-Admiral Peter Reesink cautioned that encrypted messaging apps are not appropriate for sensitive government communications. “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information,” Reesink said.

The warning follows a February 2025 advisory from Google Threat Intelligence Group identifying multiple Russia-aligned threat actors targeting Signal accounts used by Ukrainian military personnel. Google researchers warned the tactics would likely spread beyond Ukraine.

The Dutch agencies urged users to treat any message claiming to be from Signal support as suspicious.