Russia-Linked Cyber Campaign Targets WhatsApp & Signal Accounts of Officials & Journalists

Kremlin-Linked Hackers Target WhatsApp and Signal Users, European Intelligence Agencies Warn

A widespread cyber campaign orchestrated by actors linked to the Kremlin is targeting the WhatsApp and Signal accounts of government officials, diplomats, military personnel, and journalists across Europe, intelligence agencies in the Netherlands and Portugal have revealed. The attacks, which utilize sophisticated phishing techniques and increasingly leverage artificial intelligence, aim to compromise accounts, steal sensitive information, and potentially launch further attacks through compromised contacts. The messaging platforms themselves haven’t been breached; the attacks instead exploit user behavior and gaps in security awareness.

The coordinated effort underscores a growing trend of state-sponsored cyber espionage, with Russia identified as the primary actor behind the attacks by Dutch intelligence services. This campaign highlights the evolving tactics employed by hostile state actors, moving beyond traditional malware and exploiting the trust inherent in everyday communication tools. The targeting of messaging apps, often perceived as secure, demonstrates a strategic shift towards accessing channels frequently used for sensitive discussions. The Dutch warning specifically cautioned against using these platforms for classified or confidential information, despite their end-to-end encryption.

Portugal’s Security Information Service (SIS) first publicly disclosed the campaign on Wednesday, detailing the methods used by attackers to gain access to user accounts. These tactics include employing social engineering to trick individuals into divulging passwords and verification codes. The SIS noted that attackers are increasingly utilizing artificial intelligence to convincingly impersonate technical support staff or trusted contacts, creating highly realistic and persuasive phishing attempts. This includes collecting voice and image data of targets to facilitate natural-sounding conversations via messaging, phone calls, or video conferences, making it more difficult for users to discern legitimate communication from malicious attempts. The Record from Recorded Future News provides further details on the scope of the campaign.

AI-Powered Phishing and Sophisticated Impersonation

The increasing sophistication of these attacks is largely attributed to the integration of artificial intelligence. Attackers are no longer relying solely on mass-distributed phishing emails; instead, they are crafting highly personalized and targeted messages designed to exploit individual vulnerabilities. The ability to clone voices and create deepfake images allows them to convincingly impersonate trusted individuals, increasing the likelihood of successful compromise. This represents a significant escalation in the complexity and effectiveness of phishing campaigns, making them harder to detect and defend against. The SIS emphasized that the attacks exploit “potentially less cautious use” of these messaging services, suggesting that user awareness and vigilance are critical defenses.

The Dutch Military Intelligence and Security Service (MIVD) issued a stark warning against using WhatsApp and Signal for sensitive communications, despite their encryption. Vice Admiral Peter Reesink, director of the MIVD, stated, “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.” Politico.eu reported on the Dutch intelligence assessment.

Targeting of Officials and Journalists

The attacks are not indiscriminate; they are specifically targeting individuals in positions of power and influence. Government officials, diplomats, and military personnel are prime targets due to their access to sensitive information. Journalists are also being targeted, potentially to uncover sources or disrupt reporting on critical issues. The Dutch authorities confirmed that government officials have already been identified as both targets and victims of these attacks. This focused targeting suggests a strategic objective beyond simply gathering information; it could also involve disrupting operations, influencing policy decisions, or undermining trust in government institutions.

The motivation behind these attacks is likely multifaceted. Russia has a history of employing cyber espionage to gather intelligence, influence political outcomes, and disrupt adversaries. The current geopolitical climate, marked by heightened tensions and ongoing conflicts, likely exacerbates these motivations. The targeting of European officials suggests a particular interest in gaining insights into European policy decisions and potentially undermining unity within the European Union. The attacks also serve as a demonstration of Russia’s cyber capabilities and a warning to potential adversaries.

Platform Responses and User Guidance

Both Signal and WhatsApp have acknowledged the reports of malicious activity and are taking steps to address the threat. Signal stated that its encryption and infrastructure remain “robust” and have not been compromised. However, the company acknowledged that targeted phishing attacks have successfully compromised some user accounts, including those of government officials and journalists.

WhatsApp has issued similar guidance, urging users not to share the six-digit codes used to secure their accounts. Both platforms recommend blocking unknown messages and calls and being wary of suspicious requests for personal information. Users are advised to enable two-factor authentication whenever possible, adding an extra layer of security to their accounts. The platforms are also working to improve their detection and prevention capabilities to identify and block malicious activity.

Protecting Yourself from Messaging App Attacks

While the platforms are taking steps to enhance security, individual users play a crucial role in protecting themselves from these attacks. Here are some key recommendations:

  • Be wary of suspicious messages: Do not click on links or open attachments from unknown senders.
  • Verify requests for information: If you receive a request for personal information, even from a trusted contact, verify the request through a separate channel.
  • Enable two-factor authentication: This adds an extra layer of security to your account.
  • Never share verification codes: Do not share the six-digit codes used to secure your account with anyone.
  • Keep your software updated: Ensure that your messaging apps and operating system are up to date with the latest security patches.
  • Be cautious of voice and video calls: Attackers can use AI to impersonate contacts during calls. Verify the caller’s identity before sharing sensitive information.

The threat posed by Kremlin-linked hackers targeting messaging apps is a serious concern for governments and individuals alike. The sophistication of these attacks, coupled with the increasing use of artificial intelligence, demands a heightened level of vigilance and a proactive approach to cybersecurity. MSN reports that intelligence agencies are continuing to monitor the situation and develop countermeasures.

The investigation into these attacks is ongoing, and further details are expected to emerge in the coming weeks. European authorities are collaborating to share information and coordinate a response to this evolving threat. The next key development will likely be a more detailed report from the Dutch intelligence services outlining the full extent of the campaign and identifying the specific individuals and groups involved.

Key Takeaways:

  • Russia-linked hackers are actively targeting WhatsApp and Signal users, particularly government officials and journalists.
  • The attacks utilize sophisticated phishing techniques, increasingly leveraging artificial intelligence for impersonation.
  • Despite end-to-end encryption, messaging apps are not immune to compromise due to user vulnerabilities.
  • Users are urged to exercise caution, enable two-factor authentication, and never share verification codes.
  • Intelligence agencies are investigating and collaborating to counter this ongoing threat.
