2026-03-11 13:02:01
Signal has warned users to remain alert to scams after intelligence agencies said hackers linked to Russia were targeting accounts on the messaging platform by impersonating support staff and attempting to steal login details.
The alert follows a warning from the General Intelligence and Security Service and the Military Intelligence and Security Service that a large-scale cyber campaign had targeted individuals using Signal and WhatsApp.
The agencies said the attacks appeared to be linked to Russian state-backed actors and were aimed at people of interest to the Russian state, including government officials, military personnel and journalists.
The operation involved phishing techniques designed to trick users into revealing verification codes or PIN numbers, allowing attackers to hijack accounts or link their own devices to them.
In a series of posts responding to the warning, Signal said its systems had not been compromised and remained secure.
Signal said: “These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.”
The company said it was aware of the activity and was taking the reports seriously while urging users to avoid sharing security details.
Signal added its infrastructure and encryption had not been breached and warned verification codes and PIN numbers should never be shared with anyone claiming to be support staff.
According to the company, attackers had been posing as Signal support agents to persuade users to reveal those details, enabling them to gain access to messages and contacts.
The campaign was identified by Dutch intelligence services after reports that government officials and civil servants had been targeted in the operation.
Authorities said the attacks relied on social engineering rather than technical vulnerabilities in the apps themselves.
Simone Smit, director-general of the General Intelligence and Security Service, said: “It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted.”
The agencies said the campaign formed part of a global effort aimed at people whose communications could hold sensitive information.
In a public advisory, the intelligence services warned that hackers had posed as customer support staff to persuade victims to share verification codes or connect new devices to their accounts.
Once access was obtained, attackers could read incoming messages or monitor conversations in group chats without the user immediately noticing.
Officials said similar tactics had previously been used in campaigns targeting politicians, diplomats and journalists.
Signal said the attacks demonstrated how criminals increasingly target users rather than attempting to break encryption.
Muhammad Yahya Patel, a cybersecurity adviser at Huntress, told the BBC: “Security features are being weaponised against the users.
“In the past, hackers looked for bugs in code. Now, they are looking for human bugs in how humans interact with apps.”
Muhammad added features such as QR code logins and SMS verification messages – designed to help users recover or link accounts – had become “primary attack vectors being used by criminals”.
Dutch intelligence agencies said the popularity of encrypted messaging apps among officials seeking secure communication had made them attractive targets for espionage operations.
Peter Reesink, director of the Military Intelligence and Security Service, said: “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.”
Dr Pia Hüsch, a cyber research fellow at Royal United Services Institute, said many malicious actors were increasingly targeting such platforms – warning: “Sometimes we think of state actors as these incredibly sophisticated threat actors that have all the capabilities and fancy tools… but this is a fairly basic way to try to gain access to something.”
Visit Bang Premier (main website)
