Dutch Intelligence Warns of Russian Hackers Targeting Diplomats and Military via Signal and WhatsApp

Dutch intelligence warns that Russian hackers are using social engineering to hijack Signal and WhatsApp accounts belonging to diplomats and military staff.

By: AXL Media

Published: Mar 9, 2026, 11:12 AM EDT

Social Engineering Tactics Sidestep End to End Encryption

Dutch intelligence agencies, including the AIVD and MIVD, have issued a critical warning regarding a Russian state-led operation targeting high-value individuals on encrypted messaging platforms. According to Simone Smit, Director-General of the AIVD, the campaign does not rely on technical vulnerabilities within Signal or WhatsApp itself. Instead, hackers are employing social engineering to trick targets into revealing verification codes and PINs. This approach bypasses the apps' celebrated end-to-end encryption by compromising the account at the user level, allowing attackers to masquerade as the legitimate account owner.

Exploitation of Support Chatbots and Linked Device Features

Investigators have identified two primary methods used by the Russian operatives to infiltrate secure communications. In the first scenario, hackers pose as official Signal support chatbots, sending fraudulent messages that prompt users to share login credentials under the guise of security verification. The second method exploits the "linked devices" feature common to both Signal and WhatsApp. By convincing a user to share a verification code, the attackers can pair an additional device to the target's account, granting them real-time access to private messages and group chat histories without the user's immediate knowledge.

Misplaced Trust in App Reputation Leveraged by Attackers

Security officials noted that the attackers appear to be deliberately leveraging the strong security reputations of applications like Signal. Because these platforms are widely marketed as impenetrable, many users—including military staff and government officials—may have developed a false sense of security. Vice Admiral Peter Reesink, Director of the MIVD, emphasized that despite robust encryption, these applications are not appropriate channels for handling classified or sensitive state information. The hackers are reportedly banking on this misplaced trust to lower the guard of their targets during the initial contact phase.