Russian-Linked Phishing Campaign Targets Signal, WhatsApp Users

A new cyber-espionage warning is putting two of the world’s most trusted messaging apps in the spotlight. 

Security agencies say a coordinated phishing campaign linked to Russian state actors is targeting users of Signal and WhatsApp, with officials, soldiers, and journalists among the potential victims.

The warning comes from the Netherlands Defence Intelligence and Security Service and the General Intelligence and Security Service, which say hackers linked to Russia are running a “large-scale global” operation aimed at breaking into accounts on the two messaging platforms.

According to the agencies’ cybersecurity advisory, the attackers are not exploiting vulnerabilities in the apps themselves. Instead, they rely on phishing and social engineering to trick users into handing over login details.

The advisory notes that the campaign has already affected Dutch government personnel and may also target “other persons of interest to the Russian government,” including journalists.

Hackers impersonate Signal support

Attackers reportedly contact targets directly via chat messages, posing as customer support representatives or security bots. Victims are warned about suspicious activity, possible data leaks, or attempts to access their accounts. They are then prompted to share verification credentials.

The Signal team addressed the issue publicly, stressing that the platform’s core technology remains intact.

“We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously,” the company said in a statement. Signal emphasized that the attacks did not compromise the app’s encryption or infrastructure.

“To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust,” the company added. “These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.” 

WhatsApp also targeted

The same campaign also targets WhatsApp users, according to the Dutch agencies.

In this case, attackers often exploit the app’s “linked devices” feature, which allows users to access their account from multiple devices, such as laptops or tablets. By convincing victims to authorize a malicious device, hackers may gain access to messages without immediately locking the user out.

Security experts say this approach highlights a shift in tactics: rather than attacking software flaws, threat actors are focusing on manipulating human behavior.

Both Signal and WhatsApp use end-to-end encryption, meaning messages can only be read by the sender and recipient. That security has made the apps popular among journalists, government officials, and activists.

Dutch intelligence agencies say that reputation is exactly why attackers are targeting them.

Signal, in particular, is widely regarded as one of the most secure messaging platforms and is often used for sensitive conversations within governments and military organizations. However, security experts note that encryption alone cannot protect users if their account credentials are handed over to attackers.

Advice for users

Security agencies and messaging platforms say users can protect themselves by following a few simple rules.

Signal warned that verification codes and PINs should never be shared with anyone. The company also clarified that it does not contact users inside the app to request such information.

“We also want to emphasize that Signal Support will never initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN,” Signal said. “If anyone asks for any Signal related code, it is a scam.”

Dutch intelligence agencies also recommend regularly checking linked devices, avoiding suspicious QR codes or links, and using additional security features such as registration locks and two-factor authentication. They cautioned that even secure messaging platforms should not be used to share classified or highly sensitive information.

Also read: Fake AI Chrome extensions stole user data by tricking people into installing them.