Russia Targets Signal and WhatsApp Accounts, Dutch Officials Warn

The Dutch Minister of Defence warns about a cyber campaign linked to Russia that targets accounts on messaging platforms such as Signal and WhatsApp. The operation focuses on people who may have access to sensitive information, including government officials, military staff, and journalists. The alert shows how threat actors try to gain access to encrypted communications by targeting user accounts.

Dutch Intelligence Issues Warning

On 9 March 2026, the Netherlands’ General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) reported a cyber campaign aimed at messaging accounts. The campaign is linked to Russian threat actors and targets people in government, defense, diplomacy, journalism, and research.

Dutch officials confirmed that several individuals in the Netherlands have already been affected. In some cases, attackers may have gained access to private conversations and group chats.

The agencies also warned that the campaign is not limited to Dutch targets. Individuals in other countries who work with sensitive political or security topics may also be at risk.

Social Engineering as the Main Technique

The campaign mainly relies on social engineering. Instead of exploiting software vulnerabilities, attackers try to trick users into giving access to their accounts.

In some cases, attackers contact targets and pretend to be a Signal support chatbot or a trusted contact. They then ask the victim to share a verification code. If the victim sends the code, the attacker can register the account on another device and gain access to messages.

Another method involves abusing the linked devices feature in messaging apps. This feature allows users to connect their account to another device, such as a computer or tablet. If attackers succeed in linking their own device, they can monitor conversations without the victim noticing immediately.

Messaging Platforms as Intelligence Targets

Messaging apps such as Signal and WhatsApp are widely used for private and professional communication. Many officials and journalists rely on them because they use end-to-end encryption.

However, encryption protects messages during transmission. It does not prevent attackers from accessing the account itself. If attackers gain control of the account or connect their own device, they can read conversations and collect information from chats and contact lists.

For threat actors involved in espionage, this access can provide insight into discussions, contacts, and internal coordination.

Conclusion

The warning from Dutch officials highlights a cyber campaign that targets messaging accounts used by people who handle sensitive information. By using social engineering and abusing messaging app features, attackers attempt to gain access to private conversations and contacts.

Incidents like this also highlight the importance of basic security practices. Users should avoid clicking unknown links, never enter passwords or verification codes on suspicious pages, and always verify the source of requests for sensitive information. Email addresses can also be spoofed, so messages that ask users to click links or provide input should be checked carefully. When possible, organizations should enforce multi-factor authentication to add another layer of protection to communication accounts.

When attacks focus on individuals, daily security habits may become the main line of defense. People who work in sensitive roles should treat online interactions with extra caution, and organizations should support them with regular security awareness training and clear security policies.