Russian Hackers Target Signal & WhatsApp: Complete Guide to Social Engineering Attacks
Russian state hackers have successfully compromised Signal and WhatsApp accounts of Dutch government employees through sophisticated social engineering attacks that exploit human psychology rather than technical vulnerabilities, according to intelligence agencies AIVD and MIVD. The 2025 cyber espionage campaign represents a significant shift in cyber warfare tactics, targeting the human element in security systems rather than attempting to break encryption protocols.
What Are Smishing and Quishing Attacks?
The Russian hackers employed two primary tactics: smishing (SMS phishing) and quishing (QR code phishing). In smishing attacks, hackers sent fraudulent text messages posing as legitimate support chatbots from Signal or WhatsApp, requesting users to confirm security codes. When victims complied, they inadvertently gave attackers full control over their accounts. Quishing attacks involved malicious QR codes that, when scanned, allowed hackers to link additional devices to victims' accounts, enabling them to read all messages remotely.
Cybersecurity expert Jort Kollerie, strategic advisor at Orange Cyberdefense, explained the psychological manipulation: 'The security is excellent technically, but this is about the human element. The target is being manipulated. The human psyche is being played with.' Kollerie compared the tactic to someone in a delivery uniform gaining access to secure buildings - people naturally trust familiar appearances and urgent requests.
How the Attack Campaign Works
Signal Account Compromise
For Signal accounts, hackers impersonated the app's official support team, sending messages that appeared to come from 'Signal Support.' These messages claimed there were security issues with the user's account and requested SMS verification codes and PINs. Once obtained, attackers could register new devices to the victim's account, effectively taking control while the legitimate user remained logged in on their original device.
WhatsApp Account Takeover
WhatsApp attacks exploited the platform's 'Linked Devices' feature. Hackers sent malicious QR codes or links that, when scanned, allowed them to connect their own devices to victims' accounts. Unlike Signal, WhatsApp syncs chat history across linked devices, meaning attackers could potentially access past conversations as well as real-time messages.
Psychological Manipulation Techniques
The hackers employed sophisticated psychological tactics to bypass users' natural caution:
- Fear and Urgency: Messages created artificial time pressure, suggesting immediate action was required to prevent account suspension or security breaches
- Authority Impersonation: Hackers presented themselves as official support representatives from trusted organizations
- Familiar Interface: Messages used official branding, logos, and language patterns identical to legitimate communications
- Social Proof: Some attacks referenced other 'affected users' to create a sense of widespread issues requiring immediate attention
Kollerie emphasized that these tactics work because they exploit fundamental human behaviors: 'It has nothing to do with the technical security of the apps. The security is excellent, but it's about the human. They're being manipulated here.'
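The indicators listed above can be turned into a simple triage check for reported messages. The following is an added example, not part of the original report or of any Signal or WhatsApp tooling; the keyword patterns, the `triage` function and the sample messages are assumptions constructed for illustration.

```python
import re

# Patterns mirror the tactics named in the article. The word lists are
# illustrative assumptions, not an official signature set.
INDICATORS = {
    "authority_impersonation": re.compile(
        r"\b(signal|whatsapp)\s+(support|security|team|chatbot)\b", re.I),
    "credential_request": re.compile(
        r"\b(verification|security|sms|registration)\s+code\b|\bpin\b", re.I),
    "urgency": re.compile(
        r"\b(immediately|urgent(ly)?|within\s+\d+\s+(minutes|hours)"
        r"|suspended|suspension)\b", re.I),
    "social_proof": re.compile(
        r"\b(other|many|several)\s+(affected\s+)?users\b", re.I),
    "device_linking": re.compile(
        r"\bqr\s+code\b|\blink(ed)?\s+(a\s+)?device", re.I),
}

def triage(sender, body):
    """Return (verdict, matched_indicators) for one reported message."""
    text = f"{sender} {body}"
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
    # A code/PIN request or a device-link prompt is the step that hands over
    # the account, so it weighs more than tone alone.
    asks = {"credential_request", "device_linking"} & set(hits)
    if "authority_impersonation" in hits and asks:
        return "report", hits
    if asks or len(hits) >= 2:
        return "review", hits
    return "ok", hits

# Constructed sample messages (not taken from the campaign).
SAMPLES = [
    ("Signal Support", "We found a security issue with your account. Send your "
     "SMS verification code and PIN immediately to avoid suspension."),
    ("WhatsApp Team", "Other affected users have already confirmed. "
     "Scan this QR code to keep your chats."),
    ("Alex", "Lunch at 12? I will bring the slides."),
    ("Sam", "Can you send me the PIN for the meeting room?"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage(sender, body))
```

Keyword matching of this kind only prioritises reports for a human reviewer; the last sample shows a benign message that still lands in "review".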
Impact on National Security
The Dutch intelligence services confirmed that government employees, military personnel, and potentially journalists were among the targets. While the exact information compromised remains classified, the potential damage is significant. The Dutch cybersecurity infrastructure faces ongoing threats from state-sponsored actors seeking sensitive information about government operations, military strategies, and diplomatic communications.
The AIVD and MIVD issued a joint Cyber Advisory warning that while Signal and WhatsApp offer end-to-end encryption, they should not be used for classified or highly sensitive government information. The advisory notes that once accounts are compromised, hackers can access incoming messages, including group chats, potentially exposing multiple individuals and organizations.
Protection Measures and Best Practices
To protect against similar attacks, cybersecurity experts recommend:
- Never Share Verification Codes: Legitimate services will never ask for SMS verification codes or PINs via message
- Verify Through Alternative Channels: If contacted by 'support,' verify through official websites or known contact methods
- Enable Additional Security Features: Use registration locks and two-factor authentication where available
- Monitor Account Activity: Regularly check linked devices and active sessions in app settings
- Report Suspicious Messages: Forward suspicious communications to official security teams
The Dutch agencies specifically recommend that users watch for signs of compromise including duplicate accounts appearing in chat groups, sudden display name changes they didn't make, or unexpected requests to verify accounts.
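Two of those signs, duplicate accounts in a group and unexplained display name changes, can be checked by comparing two snapshots of a group's member list. This is an added example, not code from the advisory or from either app; the snapshot format (pairs of account identifier and display name, recorded by a group administrator) and all sample values are hypothetical.

```python
from collections import defaultdict

def normalise(name):
    # Case and spacing differences should not hide a look-alike name.
    return " ".join(name.casefold().split())

def compromise_signs(before, after):
    """Compare two rosters of (account_id, display_name) for one group."""
    findings = []
    old_names = dict(before)

    # Sign 1: an account present in both snapshots now shows another name.
    for acct, name in after:
        if acct in old_names and old_names[acct] != name:
            findings.append(("display_name_changed", acct,
                             f"{old_names[acct]!r} -> {name!r}"))

    # Sign 2: a newly joined account carries the same name as another member.
    # Only new accounts are reported so long-standing namesakes do not
    # raise the same finding on every run.
    by_name = defaultdict(list)
    for acct, name in after:
        by_name[normalise(name)].append(acct)
    for name, accts in by_name.items():
        new = sorted(a for a in accts if a not in old_names)
        if len(accts) > 1 and new:
            findings.append(("duplicate_member", ",".join(new), name))
    return findings

# Constructed rosters for one group at two points in time.
BEFORE = [("acct-01", "Alex"), ("acct-02", "Robin"), ("acct-03", "Sam")]
AFTER = [("acct-01", "Alex"), ("acct-02", "Robin B"),
         ("acct-03", "Sam"), ("acct-09", "sam ")]

if __name__ == "__main__":
    for finding in compromise_signs(BEFORE, AFTER):
        print(finding)
```

A finding is a prompt to confirm with the member through another channel, as the protection measures above recommend.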
Global Implications and Response
This campaign appears to be part of a broader global operation targeting government officials, military personnel, and journalists worldwide. The international cybersecurity community has noted increased sophistication in social engineering attacks, with AI-generated content making fraudulent communications increasingly difficult to distinguish from legitimate messages.
Signal and WhatsApp have both issued statements emphasizing that their encryption protocols remain secure and that these attacks exploit user behavior rather than technical vulnerabilities. Both companies advise users to be cautious of any unexpected verification requests and to use official support channels for assistance.
Frequently Asked Questions
What is smishing and quishing?
Smishing is SMS phishing where attackers send fraudulent text messages to trick victims. Quishing is QR code phishing where malicious QR codes redirect users to fraudulent sites or enable device linking.
How can I tell if my Signal or WhatsApp account has been compromised?
Check for unfamiliar linked devices in your app settings, look for duplicate accounts in group chats, and monitor for messages you didn't send or display name changes you didn't make.
Should I stop using Signal and WhatsApp for sensitive communications?
While these apps offer strong encryption, the Dutch intelligence services recommend they should not be used for classified government information. For personal sensitive communications, they remain secure if users follow proper security practices.
What should I do if I receive a suspicious verification request?
Do not respond or share any codes. Contact the service through their official website or app using known contact methods to verify the request's legitimacy.
Are these attacks limited to government employees?
While government employees appear to be primary targets, similar tactics could be used against any user. All Signal and WhatsApp users should be aware of these social engineering techniques.
Sources
AIVD/MIVD Cyber Advisory
TechCrunch Report
BNR Original Report
Jort Kollerie Cybersecurity Expert