Dutch intelligence agencies have issued a stark warning regarding a new, highly sophisticated global cyber campaign. Two intelligence agencies in the Netherlands warned earlier this week that the Russian backed hackers are gaining access to Signal and WhatsApp accounts used by officials, military personnel and journalists.
“The Dutch intelligence and security services MIVD and AIVD can confirm that targets and victims of the campaign include Dutch government employees. The Dutch services also believe that other persons of interest to the Russian government, such as journalists, may possibly be targeted by this campaign.” reads a blog by the agencies
Here is a breakdown of how the attacks are happening, the warning signs to look out for, and how to stay safe:
How are hackers gaining access to your WhatsApp and Signal?
On Signal, the bad actors are said to be masquerading as legitimate Signal support chatbot in order to trick users into giving up these crucial codes that would allow them to take control of the accounts.
The hackers send messages claiming suspicious activity has been detected on the account and urge victims to complete a verification process. During this process, the attackers ask for SMS verification code or the user’s Singal PIN which allows them to bypass the security locks and completely take control of the account.
“Because Signal stores the chat history locally on the phone, a victim can regain access to that history after re‑registering. As a result, the victim may assume that nothing is wrong. The Dutch services want to stress that this assumption could be incorrect,” the report notes
Another trick uses the e QR code and “linked devices” functionality present on both platforms where the attackers persuade the victims to scan a QR code or click on a link.
The report notes that the attackers may send malicious links disguised as invitations to join group chats but this QR code or link instead allows the attacker’s device becomes silently linked to the account.
Bad actors are then able to monitor ongoing conversations and read message histories without the legitimate user immediately noticing.
What do WhatsApp and Signal say?
In a post on X, Signal responded to the report, writing, “Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ account”
“These attacks, like all phishing, rely on social engineering. Attackers impersonate trusted contacts or services (such as the non-existent “Signal Support Bot”) to trick victims into handing over their login credentials or other information. To help prevent this, remember that your Signal SMS verification code is only ever needed when you are first signing up for the Signal app.” the company added
Meanwhile, Meta spokesperson told TechCrunch that WhatsApp suggests users to never share their six-digit code with anyone while pointing them to a Help Center page to help users recognize suspicious messages, and a page about the Linked Devices feature.
How to stay safe?
In order to protect yourself from these sophisticated phishing attempts, the report also recommended taking the following safety precautions:
- The advistory warns against sending classified or sensitive information via apps like Signal and WhatsApp.
- Never share your verification codes: Signal will never contact you via an in-app message or SMS to ask for your six-digit registration code or account PIN. Block any such messages that ask for your pin.
- Enable two-step verification: On WhatsApp, turn on ‘Two-Step Verification’ in your account settings. On Signal, enable ‘Registration Lock’. This will add an additional layer of security to your account
- Turn on disappearing messages: The experts suggest turning on disappearing messages feature. In case the device is compromised, the this feature should prevent the bad actors from gaining access to the entire chat history.
