Kremlin Hackers Attempting to Compromise Signal, WhatsApp Accounts Globally

The Record by Recorded Future, March 9, 2026

Why It Matters

The breach undermines the confidentiality of diplomatic and military communications, potentially exposing sensitive strategic information to Russian intelligence. It also highlights the limits of encryption when endpoint security and user awareness are weak.

Key Takeaways

  • Russian hackers target Signal and WhatsApp accounts of officials.
  • Attack uses social engineering, not platform vulnerabilities.
  • Verification codes and QR links are primary exploitation vectors.
  • Dutch agencies advise never sharing codes or scanning unknown QR codes.
  • Compromise risks confidential communications despite end‑to‑end encryption.

Pulse Analysis

Messaging apps like Signal and WhatsApp have become the default channels for high‑risk communications among diplomats, military leaders, and journalists because of their robust end‑to‑end encryption. However, encryption protects data only in transit; once an attacker gains control of a user’s device or account, the confidentiality guarantee evaporates. This reality makes the platforms attractive targets for state‑backed actors who seek to infiltrate decision‑making circles without triggering a technical breach that would attract public scrutiny.

The Dutch advisory reveals that Russian operators are exploiting the very mechanisms designed for user convenience. By initiating a registration flow with a victim’s phone number, they trigger a verification code sent by the app, then masquerade as support staff to solicit that code. A similar vector involves malicious QR codes or deceptive links that attach a hacker’s device to the victim’s account through the "linked devices" feature. These social‑engineering tactics bypass the need for zero‑day exploits, leveraging human error to take over the account fully, read encrypted messages, and impersonate the victim in real time.

For organizations and individuals, the episode underscores a shift from pure technical defenses to comprehensive security hygiene. Recommendations now extend beyond patch management to include strict verification code policies, employee training on phishing and QR‑code risks, and regular audits of linked devices. As geopolitical tensions intensify, adversaries will likely refine these tactics, targeting other encrypted services. Proactive user education and layered authentication can restore confidence in encrypted communications, preserving their strategic value in an increasingly hostile cyber landscape.
