www.infosecurity-magazine.com 3/10/2026, 11:19:33 AM

Russian spies target Signal and WhatsApp with bot impersonation

CyberSIXT Evidence Panel
Threat Actor: Russian state-sponsored actors

According to AIVD and MIVD, a global campaign by Russian nation-state operatives to access targets’ encrypted messaging apps has been uncovered, with Dutch intelligence noting that some government employees have already been victimised. Published on 9 March 2026, the joint missive says the campaign may also target military personnel, civil servants, journalists and other persons of interest. The attacks focus on hacking individual Signal and WhatsApp accounts, exploiting the end-to-end encryption these apps offer.

The most common method involves impersonating a Signal Support chatbot in unsolicited messages, where users are asked to enter their SMS verification code or Signal PIN, despite Signal stating that it never initiates contact to obtain such codes. Another technique leverages the apps’ linked devices feature, persuading victims to scan a QR code or click a link.

The report notes additional risk from attackers who may try to change a compromised account’s display name to remain unseen in chats, and cites comments from Ben Clarke of CybaVerse on the challenges of consumer platforms for state actors.


Article by CyberSIXT
