Dutch intelligence services have warned that hackers hired by the Kremlin have launched a large-scale international cyber campaign targeting civil servants, military personnel and other high-profile individuals, writes Politico.
The statement released on the 9th of March said that cybercriminals are using the messaging apps WhatsApp and Signal to find victims. The aim of the Russian-organized operations is to get victims to reveal the PIN codes of the messaging apps, the Dutch military intelligence service and the domestic intelligence service said in a joint warning. The information statement did not specify when the Kremlin campaign began.
The hackers are posing as chatbots for the customer support service of Signal, extracting PIN codes from users, which then allow them to take over the account and access all communications and group chats. Criminals have also used the connected devices feature, which allows them to connect to other user devices, thus gaining even broader access to victims’ communications.
The campaign is aimed at government personnel, as well as individual Kremlin-interested individuals, including journalists. Intelligence agencies stressed that individual accounts were affected, but the apps are generally safe. Signal is widely used by officials because the app is considered a secure and independent communication channel, and has been recommended as safe for use by European Union officials for external communications since 2020. However, Peter Reesink, director of the Netherlands Military Intelligence Service, pointed out that,
despite the fact that messages are encrypted, neither Signal nor WhatsApp should be used to transmit secret or sensitive information.
Last year, US Defense Secretary Pete Hegseth and other senior US military officials were criticized after it was revealed that they had used Signal to exchange classified information.
WhatsApp’s head of communications, Joshua Breckman, said the company was continuing to work to better protect users from online threats. He added that the six-digit code should never be shared with anyone.
Signal did not immediately respond to a request for comment. On X, the company said it was aware of phishing attacks that had led to user accounts being compromised. The company said Signal’s encryption system and infrastructure were not compromised and remain secure.
The Russian government did not comment.
Read also: Estonian woman arrested in Cyprus on suspicion of spying for Iran