If you have been using Signal or WhatsApp for work, you might want to double-check your security settings. On Monday, 9 March 2026, the Netherlands’ top intelligence agencies, the General Dutch Intelligence Agency (AIVD) and Dutch Military Intelligence and Security Service (MIVD), warned that Russian-state hackers are running a massive global operation to hijack these accounts.
The scary part? They aren’t actually hacking the apps in the traditional sense because they are simply tricking people into opening the door.
The Support Bot Scam
According to the Dutch intelligence services’ alert, hackers are posing as a Support chatbot from Signal. They send a message to their target, usually a government official, soldier, or journalist, claiming there is a problem with the account. They then ask the user to send over their six-digit verification code to fix it. As soon as that code is shared, the hacker can move the account onto their own device.
Reportedly, they are also abusing the linked devices feature. This is the same tool users utilize to see their chats on a desktop computer, and simply by tricking someone into linking a new device, a hacker can sit back and read every private message or group chat without the owner ever getting an alert.
Why Privacy Apps Are Now Targets
The reason is the apps’ positive reputation among users. Signal has long been the gold standard for privacy because of its scrambled, encrypted messages, and since people trust it so much, it has become the go-to place for officials to discuss sensitive work.
MIVD director Vice-Admiral Peter Reesink explained that this high level of trust is exactly why Russia is so interested. He was very clear that these platforms have limits. “Chat applications such as Signal and WhatsApp are, despite having end-to-end encryption, not channels for classified, confidential, or sensitive information,” he said. Using them for such talks essentially makes you a high-value target for foreign spies.
Red Flags to Watch For
You can spot a privacy breach by checking your group member lists. Keep an eye out for ‘doubles,’ which is when you see the same person listed twice in a group, maybe with a slightly different name. Another warning sign is a member whose name has changed to “Deleted account” without the app sending you a proper system notification.
AIVD Director-General Simone Smit pointed out that the apps themselves are still functioning correctly. “It’s not that Signal or WhatsApp are compromised as an entire application; the threat goes out to accounts of individual users,” she said.
Expert’s comments:
In a comment shared with Hackread.com, Ben Clarke, SOC Manager at CybaVerse, noted that these consumer apps aren’t designed with state-level security in mind. Unlike official government systems, these apps cannot be easily monitored for unauthorised access.
“Compromised accounts can also be used as a staging platform for further attacks: WhatsApp has previously been used to deliver malware like SORVEPOTEL, which was designed to self-propagate via contacts on the app, using one compromised account to send malicious ZIP files to others, and then performing the same action recursively with every further compromised account. Authorised channels ought to be the norm for sensitive state communications, and officials need to remain within these and away from third parties.”
This isn’t an isolated incident because these tactics match a global trend recently highlighted by Hackread.com, citing findings from Google’s Threat Intelligence Group. Their research confirms that Russian-backed actors are increasingly targeting secure apps to intercept talks involving politicians and activists. While initially focused on the conflict in Ukraine, experts warn these methods are now spreading to other regions.
Deeba Ahmed
