Russian hackers supported by the Kremlin have gained access to the WhatsApp and Signal accounts of government officials, military personnel, and journalists, according to a warning issued on March 9 by two Dutch intelligence agencies.
The General Intelligence and Security Service of the Netherlands (AIVD) and Dutch Military Intelligence and Security Service (MIVD) said that "the Russian hackers likely gained access to sensitive information through this campaign."
AIVD and MIVD said they "can confirm that targets and victims of the campaign include Dutch government employees."
"The Dutch services also believe that other persons of interest to the Russian government, such as journalists, may possibly be targeted by this campaign," the agencies said in a news release.
The MIVD director, Vice-Adm. Peter Reesink, said that "despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information."
The spy agencies said the method most frequently used by the Russian hackers is to "masquerade as a Signal Support chatbot in order to induce their targets to divulge their codes."
The hackers then use security verification codes to take over the individual's Signal account.
The agencies said hostile actors from Russia were also exploiting the "linked devices" feature in both Signal and WhatsApp.
"Signal is renowned as a reliable and independent communication channel which offers end-to-end encryption," the agencies said. "This makes it an attractive channel for use within governments wishing to protect their internal communication.
"It also makes it the ideal place for malicious actors to try to capture sensitive information."
Encryption Has ‘Overlooked Weakness’
Andy Jenkinson, fellow at the Cyber Theory Institute and author of several books on cybercrime and hacking, told The Epoch Times that the Russian hacking operation "highlights a critical but often overlooked weakness in end-to-end encryption: the infrastructure that surrounds it."
"Even if messages are encrypted between users, unsecured DNS records, routing servers, and distribution networks that deliver those messages are vulnerable," Jenkinson said.
"Partial DNSSEC signing and misconfigured DNS records can enable attackers to perform man-in-the-middle attacks, impersonate services, or redirect traffic without users noticing."
Jenkinson said that when this issue is combined with spyware that captures data before encryption or after decryption on devices, "these weaknesses undermine the promise of total privacy."
"The lesson is clear: encryption alone does not guarantee security when the underlying internet infrastructure remains exposed and unsecured," Jenkinson stated.
“Due to Meta’s unwillingness to comply with Russian law, such a decision was indeed made and implemented,” Kremlin spokesman Dmitry Peskov told reporters at the time, suggesting that Russians switch to the state-owned messenger app MAX instead.
"Russia's use of cyber operations in support of military objectives in the war against Ukraine and beyond is multifaceted. On a tactical level, targeting has broadened to include individuals in addition to organizations," Google said in a blog published at the time.
At the time, Ukraine’s intelligence chief, Kyrylo Budanov, alleged that Russian spies were able to access the personal messages of Telegram users, including deleted messages, and their data.
A spokesman for Meta, which owns WhatsApp, told The Epoch Times in an email: "Users should never share their six-digit code with others.
"We continue to build ways to protect people from online threats and recently announced strict account settings."
The Epoch Times reached out to Signal for comment but did not receive a response by publication time.
