By Anthony Deutsch AMSTERDAM, March 9 (Reuters) - Russian-backed hackers have launched a global cyber campaign to gain access to Signal and WhatsApp accounts used by officials, military personnel and
Russia-backed hackers breach Signal, WhatsApp accounts of officials, journalists, Netherlands warns
Russian-backed Cyber Campaign Targets Secure Messaging Apps
By Anthony Deutsch
AMSTERDAM, March 9 (Reuters) - Russian-backed hackers have launched a global cyber campaign to gain access to Signal and WhatsApp accounts used by officials, military personnel and journalists, two intelligence agencies in the Netherlands warned on Monday.
Methods Used by Hackers
Users are persuaded in chats initiated by the hackers to divulge security verification and pin codes, giving them access to personal accounts and group chats, they said in a statement.
"The Russian hackers have likely gained access to sensitive information," the General Dutch Intelligence Agency (AIVD) and Dutch Military Intelligence and Security Service (MIVD) said.
"Targets and victims of the campaign include Dutch government employees" and journalists, the agencies said.
Why Messaging Apps Are Vulnerable
The chat apps offering end-to-end encryption are popular with government officials for sharing confidential or classified information, making them "the ideal place for malicious actors to try to capture sensitive information," they said.
Official Responses from WhatsApp and Signal
WhatsApp, in a reaction sent to Reuters, said users should never share their six-digit code with others and that it continued to build ways to protect people from online threats.
Signal said on social media that the targeted attacks were "executed via sophisticated phishing campaigns, designed to trick users into sharing information" and that its encryption and infrastructure had not been compromised.
Phishing Tactics and Account Compromise
Users Persuaded to Divulge Security Codes
The hackers most frequently masquerade as a Signal Support chatbot to induce targets to divulge the codes, enabling them to take control of the accounts, the statement said.
Another method is to use the ‘linked devices’ function within Signal, it said.
Signs of Account Compromise
Contacts appearing twice in a user's contact list, or numbers showing up as 'deleted account' could indicate that an account has been compromised, the agencies said.
Government Response and Security Recommendations
Dutch authorities issued a cyber advisory notifying government colleagues of the vulnerability and providing assistance to eliminate the threat, a spokesman said, citing the joint operation with the AIVD general intelligence service.
"Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information," said MIVD director, Vice-Admiral Peter Reesink.
Reporting and Editing Credits
(Reporting by Anthony Deutsch; Editing by Bernadette Baum and Tomasz Janowski)
