Dutch intelligence agencies, both AIVD and MIVD, issued a warning for WhatsApp and Signal users on the 9th of March, 2026. This warning was regarding an enormous cyber operation that was being conducted by Russia. Although the end-to-end encryption of these two applications is safe, attackers have managed to bypass these techniques by using individual user accounts. This is an advanced operation, as it has already caused significant data leaks.
Security Alert Overview
The AIVD and MIVD have detected a global campaign where Russian state hackers use social engineering to take over people’s messaging accounts. Unlike typical hacks in which attackers exploit existing bugs in code to gain control, in this case, attackers seek to trick people into surrendering the keys to their virtual lives.
The AIVD and MIVD agencies have identified that many Dutch government employees, along with various international targets, have been compromised by Russian intelligence services, allowing them to monitor their private conversations in real time.
Who Is Being Targeted?
This is not a random attack on the general public; it is an espionage campaign. The targets of this espionage campaign include:
Government Officials & Civil Servants: They have access to government policy information as well as government internal data.
Military Personnel: They are involved in defense strategies or operations.
Journalists & Researchers: They cover Russian news or geopolitically sensitive information.
Dignitaries & Diplomats: They are high-profile individuals who might use these apps for off-the-record professional communication.
However, as the alert is for global targets, anyone in the professional circle of these targets could likely be used as a stepping stone for infiltration.
How the Attack Campaign Works
The Russian hackers’ two main methods for evading security measures:
Support Bot Impersonation: Attackers pretend to be legitimate security bots and deceive the victims into disclosing their SMS verification codes or Signal PINs for the purpose of solving account-related problems. The hackers are able to create an account on their own devices using the victims’ credentials.
Malicious Device Linking: The attackers send false QR codes, mostly in the form of group chat invitations, that, when scanned, link the attacker’s computer to the victim’s account without their consent. The attackers get access to the victim’s real-time private messages.
Why Messaging Apps Are a Target
The very same aspects of Signal and WhatsApp that make them attractive to users, end-to-end encryption, make them attractive to spies. As these apps have been deemed secure, users may have a false sense of security and share confidential information they would not even consider sending in a regular email.
The Russian spies understand that instead of attacking the encryption, they can gain access to the account and have a window into the most private and real-time coordination of their adversaries.
How Users Can Stay Safe
To ensure the security of your communication, the security agencies have recommended the following immediate actions:
Never Share Codes: Official support will never ask you to provide your SMS code or PIN in a chat. If you receive such a request from a user, block them immediately.
Audit Linked Devices: Every now and then, go to Settings > Linked Devices. If you find an unknown device, remove it at once to prevent unauthorized access.
Enable Registration Lock: For Signal, enable Registration Lock in your account settings. This will prompt your PIN to register your number on a new device.
Use Apps Appropriately: According to the MIVD, no commercial messaging application should be used for classified and sensitive state information.
Broader Cybersecurity Context
This is part of an increasing trend in which state-sponsored actors, such as the Russian-sponsored Laundry Bear or Secret Blizzard, are shifting away from complex malware attacks and into more human-centric attacks that involve social engineering.
By attacking the weakest link, the end user, state-sponsored actors are evading the billions invested in cybersecurity. As communication networks become more decentralized, the security of the individual has become the new front in national security.
Conclusion
The Dutch intelligence agencies have clearly stated that the threat is active, global, and effective. The users must not think that the encryption alone will protect them from espionage. The security agencies are advising that all high-risk users must perform an immediate audit of their messaging app security settings.