ACCORDING to AIVD and MIVD, Russian state‑backed hackers are running a large‑scale phishing campaign aimed at Signal and WhatsApp accounts of high‑value targets, including senior officials, military personnel, civil servants, and journalists. The attackers are not breaking end‑to‑end encryption or exploiting app vulnerabilities; instead they rely on phishing and social engineering to obtain verification codes and PINs or to add a malicious linked device to a target’s account.
In some cases, they impersonate official‑sounding accounts such as “Signal Security Support Chatbot” or “Signal Support” to push victims into sharing codes or enabling device linking. Victims may be asked to send back an SMS verification code or their Signal PIN, after which the attacker can register the account on a device they control.
A second variant abuses the linked devices feature by prompting users to click a link or scan a QR code that silently links the attacker’s device, allowing the intruder to read messages in real time. The campaign underscores the importance of never sharing verification codes or PINs and of scrutinising unknown support accounts.