Cybersecurity officials from the Netherlands and Portugal have raised alarms about a coordinated cyber campaign orchestrated by the Kremlin, aiming to breach the messaging accounts of government officials, diplomats, and military personnel on platforms like WhatsApp and Signal.
Methods of infiltration revealed
On Wednesday, Portugal’s Security Information Service reported that attackers are employing a variety of tactics to deceive users into disclosing their passwords and access codes. This has resulted in compromised accounts, allowing unauthorized access to individual and group conversations, shared files, and further phishing attempts targeting the victims’ contacts. Notably, the agency clarified that the attacks do not imply that the messaging platforms themselves have been hacked; rather, attackers are taking advantage of “potentially less cautious use” of these services.
AI-driven impersonation tactics
The security service highlighted the increasing use of artificial intelligence by these hackers to masquerade as technical support personnel or trusted contacts. By collecting audio and visual data from their targets, the attackers can engage them in convincing conversations, whether via text, phone calls, or video chats.
While the Portuguese agency did not disclose the identity of the state responsible for these operations, Dutch intelligence officials have attributed the attacks to Russian actors. They noted that government officials are among the identified “targets and victims,” cautioning that journalists could also be at risk from Moscow’s cyber activities.
Despite the robust encryption features of platforms like WhatsApp and Signal, there are growing concerns regarding their use for sensitive internal communications. Vice Admiral Peter Reesink, director of the Dutch Military Intelligence and Security Service, has advised against relying on these messaging apps for classified or confidential discussions, stating, “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.”
In response to these concerns, Signal assured users via a post on X that its encryption and infrastructure remain “robust” and have not been compromised. The company acknowledged the occurrence of “targeted phishing attacks” that have affected some user accounts, including those belonging to government officials and journalists, emphasizing the importance of safeguarding personal identification numbers (PINs) and mobile verification codes.
Both Signal and WhatsApp have issued advisories urging users not to share their security credentials and to be vigilant against unknown messages or calls.