One message, one QR code, and your account has been stolen... This is how Russian-linked hackers compromised WhatsApp and Signal accounts.
An international cyberattack campaign is targeting the private messaging accounts of military personnel, government officials, and journalists. Dutch intelligence services are warning of this, explaining that hackers linked to the Russian government are using digital phishing techniques to gain access to personal files on apps like WhatsApp and Signal.
This warning is based on a joint report by the Defense Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD). The report states that they have detected a "global cyber campaign" targeting individuals who may be of interest to the Russian government, including Dutch government employees and other professionals with access to sensitive information.
The document details how attackers use social engineering and phishing techniques—that is, deception—to trick victims into unknowingly handing over their data. One strategy involves sending fake links or fraudulent QR codes that invite the user to join a group or log in from another device. If the user follows these instructions, the attackers can link the account to their devices and take control of it.
If cybercriminals gain access to the account, they can see contact phone numbers, private conversations, and group chats. In other words, they can view all the information contained in these messages. Another method they can use is impersonating the app's support service.
Furthermore, in the case of Signal, cybercriminals send users an alert about alleged "suspicious activity" on their accounts, requesting that they share the verification code received via SMS and their account's PIN. If they obtain this information, they can take control of the profile and change the associated phone number.
How to avoid becoming a victim of this type of attack:
- Do not share the codes you receive via SMS.
- Be wary of unknown links or QR codes, and check the devices on which the session was opened.
- Avoid sending sensitive information via these applications.
- Activate the disappearing messages feature to automatically delete conversations.
Signal insists its encryption remains secure, while WhatsApp reminds users that the six-digit code should never be shared.