Russia Targets Signal and WhatsApp via Account Takeovers

The FBI warns that Russian intelligence actors have been targeting “high intelligence value” Americans via the Signal encrypted messaging app, using profiles and outreach to recruit or collect sensitive information. The advisory names Russia-linked operatives exploiting Signal’s privacy features and social engineering to contact government officials, journalists, think-tank researchers and others with access to valuable information. The bureau says these campaigns can include false personas, flattering or probing messages, and attempts to move conversations off-platform. This matters because Signal’s encryption protects message content but not metadata or human susceptibility, complicating attribution and mitigation for individuals, platform defenders and national security teams.

The FBI and CISA warned that Russian intelligence-affiliated actors are impersonating customer support on messaging apps like Signal to phish high-value targets — former officials, military personnel, politicians and journalists — and have compromised thousands of accounts. Attackers send bogus “suspicious activity” alerts that lure victims to verification links, enabling account linking, message access or full takeover even on end-to-end encrypted platforms. The advisory underscores that technical security (like Signal’s encryption) can be defeated by social-engineering and offers standard anti-phishing guidance. The bulletin also summarized related cyber news: US DOJ seized Iranian-linked propaganda domains tied to a Stryker attack; Marquis warned 670,000 customers of a ransomware-driven data theft; and Telus acknowledged a major breach.

Tim Starks / CyberScoop : The FBI and CISA warn hackers tied to Russian intelligence services are targeting users of messaging apps such as Signal with phishing attacks — It echoes earlier alerts from the Netherlands and Germany, and is the latest to warn about targeting of Signal users and others. — Learn more.

Dutch intelligence agencies AIVD and MIVD warned that Russian-backed hackers have run a global phishing campaign to hijack Signal and WhatsApp accounts of officials, military personnel and journalists. Attackers impersonate Signal Support chatbots and exploit features like Signal’s linked devices to trick targets into revealing six-digit verification codes and PINs, gaining access to private and group chats. The agencies said the campaign likely exposed sensitive information and advised against using end-to-end encrypted messaging apps for classified communications. WhatsApp reiterated users should not share verification codes, while Signal said its infrastructure remains intact and blamed sophisticated phishing for the breaches. Dutch authorities issued advisories and remediation help to government colleagues.

Security researchers say a Kremlin-linked hacking group is attempting to compromise Signal and WhatsApp accounts worldwide by targeting users’ phone numbers and associated account recovery mechanisms. The campaign reportedly uses SIM swapping, SS7/SS8 signaling abuse, interception of SMS-based two-factor codes, and social engineering to seize accounts, putting activists, journalists, and dissidents at risk. Messaging platforms and carriers are urged to harden protections—adopt app-based 2FA, push-based authentication, registration lock features, and tighten verification processes—to mitigate account takeover. The story matters because encrypted messaging is central to secure communication, and exploitation of telephony and recovery channels undermines end-to-end security and user trust across platforms and jurisdictions.

Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn

Dutch intelligence agencies MIVD and AIVD say Russian state-backed hackers are running a global campaign to take over Signal and WhatsApp accounts of dignitaries, military personnel, civil servants and possibly journalists. Attackers coax victims into revealing verification codes by posing as Signal Support chatbots or abusing legitimate 'linked devices' features rather than exploiting software vulnerabilities. Compromised accounts let attackers read end-to-end encrypted messages and group chats, risking sensitive information exposure. The agencies stress the apps themselves are not breached but individual accounts are targeted, and they published a cyber advisory with detection and mitigation steps for organizations and Signal users, including checking for duplicate accounts in group member lists and verifying contacts over other channels.

Dutch intelligence agencies MIVD and AIVD say Russian state-linked hackers are running a global campaign to hijack Signal and WhatsApp accounts of dignitaries, military personnel, civil servants and journalists, including Dutch government employees. Attackers are social-engineering targets—posing as Signal Support chatbots and abusing legitimate features like linked devices—to trick users into revealing verification codes and then take over accounts. Compromised accounts allow reading incoming messages and group chats, potentially exposing sensitive information. The agencies stress the apps themselves are not broken but individual accounts are targeted, warn against using messaging apps for classified data, and published a cyber advisory with detection and remediation steps for organizations and Signal users.

Dutch intelligence agencies AIVD and MIVD warn of a large-scale Russian-linked phishing campaign targeting Signal and WhatsApp accounts of government officials, journalists and military personnel worldwide. Attackers social-engineer targets to hand over six-digit verification codes or PINs, impersonate support bots, or abuse Signal’s linked-devices feature to mirror messages — sidestepping end-to-end encryption by taking over accounts. The campaign has already compromised Dutch government employees, prompting a Dutch cybersecurity advisory and help to affected users. Authorities stress that encrypted consumer apps are not suitable for classified communications and urge users never to share verification codes and to watch for subtle compromise indicators.

Dutch authorities warn that a Russia-linked state actor has compromised Signal and WhatsApp accounts of government officials, journalists and others using SIM swapping and account takeover techniques. The campaign targeted encrypted messaging and took control of phone numbers to intercept account recovery and two-factor authentication, enabling access to private chats and metadata. Security agencies and providers are advising stronger defenses — including use of app-based authenticators, lock codes, hardware security keys, and carrier-level protections — and urging organizations to assume compromise and rotate credentials. The breach underscores persistent risks to secure messaging from telecom-level attacks and the importance of hardened account recovery and operational security for high-risk individuals.