Russian-backed hackers have launched a global cyber campaign targeting messaging accounts used by government officials, military personnel and journalists. Two Dutch intelligence agencies warned that the attackers are attempting to gain access to Signal and WhatsApp accounts through phishing tactics.
The General Intelligence and Security Service and the Military Intelligence and Security Service issued the warning on Monday. They said the campaign has already targeted several groups, including Dutch government employees and journalists.
According to the agencies, hackers try to persuade victims to share security verification codes and personal identification numbers. Once attackers obtain these codes, they can access personal accounts and group chats.
Phishing tactics targeting messaging apps
The intelligence agencies said the hackers rely on sophisticated phishing messages. These messages typically appear in chat conversations started by the attackers.
Often the hackers pretend to be official support services. For example, they may pose as a Signal Support chatbot. Through these fake support messages, they attempt to convince users to reveal their security verification codes.
Once the codes are shared, attackers can take control of the victim’s account. This access allows them to read private messages and view group conversations.
The agencies warned that the attackers likely obtained sensitive information through these tactics.
Exploiting trusted communication platforms
Signal and WhatsApp both offer end-to-end encryption. Because of this security feature, many government officials and journalists use these apps to exchange confidential information.
However, the Dutch intelligence services warned that this popularity makes the platforms attractive targets. Malicious actors may attempt to infiltrate accounts in order to access sensitive discussions.
Another tactic used in the campaign involves the linked devices feature available in Signal. Attackers try to trick victims into connecting their accounts to devices controlled by the hackers.
If successful, the hackers gain continuous access to the account and its messages.
Warning signs of a compromised account
The intelligence agencies also outlined several warning signs that could indicate an account has been compromised.
Users may notice contacts appearing twice in their contact lists. In some cases, phone numbers may suddenly appear as a deleted account. These irregularities can signal that an attacker has gained control of the account.
Dutch authorities have issued a cyber advisory to government staff. The advisory provides guidance on recognising the phishing attempts and removing unauthorised access.
The agencies also stressed that users should never share their six-digit verification codes with anyone. Messaging platforms also continue to introduce protections designed to reduce online threats.
Despite the strong encryption offered by messaging apps, officials cautioned that such services should not be used to transmit classified or highly sensitive information.
With inputs from Reuters

