Overview
- Dutch services AIVD and MIVD attribute a large, long‑running phishing campaign to Russian state actors targeting accounts on Signal and WhatsApp.
- Targets include government officials, military personnel and journalists, with Dutch government employees among confirmed victims.
- Attackers impersonate “Signal Support” to obtain verification and PIN codes and exploit linked‑device features, which can expose recent messages and group chats; authorities say QR linking can reveal up to 45 days of Signal history.
- The agencies report a high probability that sensitive information was accessed and have issued guidance for detection and remediation, cautioning against using these apps for secret material.
- WhatsApp urged users never to share six‑digit verification codes, and independent reporting documents widespread attempts since late 2025 while noting limited public evidence for the Russian attribution.