Russian government-backed hackers have launched a sweeping global campaign targeting users of popular messaging apps Signal and WhatsApp, with a particular focus on government and military officials, as well as journalists around the world. This revelation came on March 9, 2026, when the Netherlands’ Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) issued a joint warning detailing the scale and sophistication of the ongoing cyberattacks.
According to the Dutch intelligence agencies, the campaign is not limited to the Netherlands. Rather, it appears to be a worldwide effort by Russian state actors to compromise the communications of high-profile individuals and those of interest to the Russian government. The AIVD stated, “The Dutch services also believe other persons of interest to the Russian government, such as journalists, may possibly be targeted by this campaign.”
The attackers’ methods, as outlined in the report and confirmed by both TechCrunch and The Moscow Times, rely heavily on phishing and social engineering rather than the use of traditional malware. Instead of exploiting software vulnerabilities, the hackers impersonate support staff from messaging apps or exploit built-in features to trick users into handing over sensitive security details.
One of the most common tactics involves the hackers pretending to be the Signal Support chatbot. They reach out to targets with alarming messages—claims of suspicious activity, a possible data leak, or warnings about attempts to access private data. The goal is simple: persuade the recipient to share the SMS verification code and their PIN, which are crucial for account security. As the Dutch agencies explained, “Because Signal stores the chat history locally on the phone, a victim can regain access to that history after re-registering. As a result, the victim may assume that nothing is wrong. The Dutch services want to stress that this assumption could be incorrect.”
Once a user is duped into sharing these details, the hackers use the verification and PIN codes to register a new device with the victim’s account, often with a different phone number. This allows the hackers to impersonate the target and potentially access their contacts, while the legitimate user is locked out—at least temporarily. Although users can re-register their number and regain access to their chat history, the breach may have already exposed sensitive information or allowed the attackers to reach out to contacts under false pretenses.
Signal, for its part, does not provide support directly through the app—a crucial detail that the Dutch intelligence services emphasized to help users spot fraudulent messages. The company responded to the news by posting a thread on social media with practical advice: never share your SMS verification code or PIN with anyone, and be wary of unsolicited support messages. Signal also reminded users that adding a new device to an account does not grant access to past messages, which are stored only on the original device.
The hackers’ playbook isn’t limited to Signal. WhatsApp, owned by Meta, is also in the crosshairs. Here, the attackers exploit the app’s “Linked devices” function, which allows users to access WhatsApp on secondary devices like laptops or tablets. If a target is tricked into approving a new linked device—often via a malicious QR code or link sent by the attacker—the hackers can potentially read past messages and monitor ongoing chats. Unlike Signal, WhatsApp’s implementation means that victims may not even be logged out or notice that their account has been compromised.
Meta’s spokesperson Zade Alsawah weighed in, stating that WhatsApp “suggests users to never share their six-digit code with anyone,” and pointed users to resources on recognizing suspicious messages and managing linked devices. These reminders underscore the importance of user vigilance, as the primary line of defense against such attacks is often personal awareness and skepticism.
In its report, the AIVD warned, “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.” Military intelligence director Peter Reesink echoed this sentiment, emphasizing that the security of these platforms, while robust against technical interception, can be undermined by clever social engineering tactics. “Once a chat has been compromised, the hackers can read all messages,” the AIVD cautioned, highlighting the real-world risks even for encrypted services.
The Dutch intelligence services declined to specify which other nations had been targeted, but the implication is clear: the threat is widespread and not confined to Dutch officials. The timing of the report is also significant, coming a year after the Pentagon issued its own warning to U.S. staff about using Signal, citing similar threats from Russian hackers. This pattern suggests a sustained and evolving campaign by Russian state actors, with techniques that have previously surfaced in the context of the war against Ukraine.
While the Russian embassy in Washington, D.C. did not respond to requests for comment, the methods described by Dutch intelligence are consistent with known tactics employed by Russian government hackers in recent years. The use of phishing, impersonation, and abuse of legitimate app features has proven effective, especially when targeting individuals who may be less suspicious of messages appearing to come from trusted sources.
The scope of the campaign is particularly concerning for those in sensitive positions—diplomats, military personnel, and civil servants—as well as journalists who may be reporting on issues of interest to the Russian government. The potential for these breaches to expose confidential communications or facilitate further attacks is significant. As the Dutch agencies noted, “They likely gained access to sensitive information through this campaign.”
For everyday users, the lessons are clear but sobering. No matter how secure a messaging app’s encryption may be, the human element remains a vulnerability. Hackers may not need to break the code if they can simply convince someone to hand over the keys. The Dutch intelligence services’ advice is straightforward: treat any unsolicited support messages with suspicion, never share security codes or PINs, and avoid using these apps for classified or highly sensitive conversations.
As digital communication becomes ever more central to government, journalism, and daily life, the stakes of such cyber campaigns continue to rise. The current wave of attacks serves as a stark reminder that vigilance—and a healthy dose of skepticism—are essential defenses against even the most sophisticated adversaries.
While the technical barriers to hacking Signal and WhatsApp remain high, the attackers’ focus on social engineering highlights a timeless truth: people, not just technology, are often the weakest link in the security chain. As this campaign unfolds, officials and users alike are being urged to take extra precautions and stay alert to the evolving tactics of state-backed hackers.
With the world’s eyes on the security of digital communications, the Dutch intelligence agencies’ warning is more than a local concern—it’s a wake-up call for anyone who relies on encrypted apps to keep their conversations safe.