Russia targets Signal and WhatsApp accounts in cyber campaign, Dutch Intel finds

Download the report: Cybersecurity Advisory - Phishing via messaging apps Signal and WhatsApp (pdf, 9 pages)

Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants. The Dutch intelligence and security services MIVD and AIVD can confirm that targets and victims of the campaign include Dutch government employees. The Dutch services also believe that other persons of interest to the Russian government, such as journalists, may possibly be targeted by this campaign.

...

• The actors primarily make use of phishing and social engineering techniques to take over accounts or to link their devices.
• The advice of the Dutch services is that sensitive information should not be communicated using messaging apps which are neither intended nor suitable for this purpose.
• It is important to remain alert to messages that appear to be sent by Signal. The Signal customer service department never makes direct contact via a Signal message.
• Users are also advised to ignore requests via QR codes or links unless the legitimacy of the QR code or link has first been verified through contact with the purported sender.
• If a user discovers that their account has been compromised, they should inform all their contacts via another channel.
• Users can check for compromised contacts themselves; if a contact appears twice in Signal chat groups or has an unusual name, this may indicate a compromise.
• The Dutch services wish to stress that they are referring to the compromise of individual accounts and are not suggesting that Signal or WhatsApp themselves have been compromised.

...