A joint-agency alert details phishing campaigns that trick officials into surrendering security codes, exploiting linked devices to spy on sensitive communications.

Dutch intelligence services say Russian state-backed hackers are running a global phishing operation to hijack Signal and WhatsApp accounts used by officials, military personnel, civil servants, and journalists.

The campaign, which has already hit Dutch government employees, is focused on seizing individual accounts rather than breaking the apps’ end-to-end encryption.

In a joint alert on 9 March 2026, the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) warned that Russian operators contact targets directly on these platforms and pressure them into revealing one-time security codes or PINs. Specifically:

  • The attackers frequently pose as a Signal “Support” chatbot to make the request appear legitimate, then use the stolen codes to assume full control of the account and quietly monitor private and group conversations.
  • Investigators say the operation also abuses the apps’ linked-device features, which allow users to connect desktops or secondary phones to their accounts.
  • If an attacker successfully registers their own device, they can mirror all incoming and outgoing messages without needing to defeat the underlying encryption.
  • Warning signs include contacts suddenly appearing twice or being relabeled as “deleted account”.

Russian hackers are believed to have “likely” accessed sensitive data via compromised account, and the campaign may extend beyond Dutch targets to other officials and media figures of interest to Moscow. The very popularity of encrypted messaging among policymakers and reporters makes these accounts attractive espionage targets once an attacker can log in as the user.

MIVD chief Vice Admiral Peter Reesink has cautioned that, consumer messaging apps should not be treated as suitable channels for classified or highly confidential communications despite their encryption features.

The Netherlands, which hosts international courts and supports Ukraine, is seen as a prime target for Russian intelligence collection, the agencies noted in earlier reporting. Dutch authorities have issued a cyber advisory to public-sector organizations and are assisting victims with incident response and account hardening.

WhatsApp’s parent company, Meta, has said users should never share their six-digit verification codes, and point to existing guidance on account security, while Signal did not immediately comment on the Dutch warning.