Dutch intelligence agencies warn that attackers are bypassing encryption by taking over messaging accounts instead of breaking the apps themselves.

 

What happened

Dutch intelligence and military security agencies have warned of a large-scale campaign linked to Russian cyber actors targeting Signal and WhatsApp accounts belonging to government officials, journalists, and military personnel. According to reporting by The Register, the attackers are not attempting to break the end-to-end encryption used by the messaging platforms. Instead, they rely on social engineering tactics that trick victims into sharing authentication verification codes or account PINs. Once the code is obtained, attackers can log into the account and access messages, contacts, and group chats. In some cases, the attackers impersonate a Signal support bot to request the code, while another tactic involves abusing Signal’s linked devices feature to connect an attacker-controlled device and mirror messages in real time. Dutch authorities said victims already include employees within the Dutch government and warned that sensitive information may have been exposed.

 

Going deeper

Account takeover attacks against encrypted messaging platforms rely on weaknesses in authentication workflows rather than flaws in the encryption itself. End-to-end encryption protects messages while they travel between users, however it does not stop attackers from reading conversations if they gain control of the account. Social engineering is often the entry point because verification codes and device linking features are designed for legitimate account recovery and multi-device access. Attackers exploit these features by persuading victims that the request is routine or required for support. Once access is gained, attackers can quietly monitor conversations, gather sensitive information from group chats, or use the compromised account to target additional contacts.

 

What was said

Dutch intelligence agencies AIVD and MIVD warned that the activity is part of a “large-scale” campaign targeting messaging accounts used by government officials and journalists. The agencies said attackers had likely already accessed sensitive information from compromised accounts. MIVD director Peter Reesink said in the advisory released on March 9, 2026, “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential, or sensitive information.” A spokesperson for Meta also told The Register that users should never share their six-digit verification codes and that the company provides guidance on how WhatsApp users can protect themselves from account takeover scams.

 

In the know

Researchers warn that Russian state-backed hackers are targeting messaging apps such as Signal and WhatsApp used by military personnel and government officials, often using tailored spear phishing attacks to gain access to private communications. Experts noted that the informal use of consumer messaging platforms means they are often outside formal corporate security oversight. One analyst said that “third party consumer-oriented platforms like Signal and WhatsApp are ultimately not developed with state-level usage in mind, and they lack the protocols and stringency that more bespoke systems are designed around.” He added that “attacking these third-party channels can be especially lucrative for state actors, who are able to dedicate the time and resources into crafting spear phishing campaigns that are tailored and highly relevant to small groups and specific individuals.”

 

The bottom line

Government security agencies have increasingly cautioned officials about relying on consumer messaging apps for sensitive communications. The Cybersecurity and Infrastructure Security Agency has warned that encrypted messaging platforms can still be compromised through account takeover techniques. Guidance from cybersecurity authorities notes that while end-to-end encryption protects messages while they travel between users, it does not prevent risks such as account compromise, device theft, or social engineering. As a result, many governments and defense organizations use dedicated secure communication systems for classified information and limit the use of consumer messaging apps for operational discussions.

 

FAQs

Why are attackers targeting messaging apps like Signal and WhatsApp?

Messaging platforms are widely used by officials and journalists for day-to-day communication, making them attractive intelligence targets once an account can be compromised.

 

Does end-to-end encryption fail in these attacks?

Encryption still protects messages during transmission, however it cannot stop attackers who successfully log into the account itself.

 

What is a linked device attack?

Messaging platforms often allow additional devices to connect to an account. If an attacker links their own device, they can read messages without needing to break encryption.

 

What signs may indicate an account has been compromised?

Indicators can include unknown linked devices, duplicate contacts appearing in a list, unexpected login alerts, or messages sent from the account that the user did not write.

 

How can users protect their messaging accounts?

Users should never share verification codes, enable additional security features such as PIN protections or device verification, and regularly review linked devices connected to their accounts.