Russian Hackers Successfully Breach Dutch Officials' Encrypted Messaging Apps
The Hague, Tuesday, 10 March 2026.
Dutch intelligence services revealed that Russian state hackers have compromised Signal and WhatsApp accounts belonging to government officials, military personnel, and journalists. The attackers exploited legitimate security features rather than app vulnerabilities, posing as support staff to steal verification codes and PIN numbers. This allows them to read encrypted messages and access sensitive communications across chat groups, representing a significant escalation in digital espionage targeting the Netherlands.
How the Attack Works: Exploiting Trust and Security Features
The Russian hackers employed sophisticated social engineering tactics rather than exploiting technical vulnerabilities in the messaging applications themselves [1][2]. The attackers posed as Signal support staff and used fake chatbots to trick users into sharing their verification codes and PIN numbers [1][3]. “Security features are being weaponised against the users,” explained Muhammad Yahya Patel, cybersecurity advisor at security firm Huntress [1]. The campaign also exploited legitimate security features by getting users to add devices to their accounts through clicking malicious links or scanning QR codes [2]. Once access is gained, hackers can scan accounts and read all communications within chat groups, potentially accessing highly sensitive government and military information [2][3].
Timeline and Scale of the Campaign
The campaign represents an escalation of Russian cyber operations that began in 2023 [2]. In 2023 and 2024, Russian hackers initially attempted to compromise US government and defense users by sending phishing emails containing QR codes [2]. By 2025, the attacks had expanded to target Signal users globally, including officials, NGO employees, military personnel, and journalists [2]. The Dutch intelligence services AIVD and MIVD confirmed that “enkele chataccounts” of Dutch government employees were compromised during 2025 [2]. The warning issued on Monday, March 9, 2026, followed similar alerts from German security services in February 2026, who warned of campaigns targeting high-ranking political, military, diplomatic figures and investigative journalists across Germany and Europe [2].
Why Signal and WhatsApp Were Targeted
Russian hackers specifically targeted these encrypted messaging platforms due to their reputation for security and widespread adoption among government officials [1][2][3]. “Dutch officials have been told to switch from WhatsApp to Signal. That messaging service therefore has an aura of safety around it,” explained Ronald Prins, a cybersecurity expert [2]. Signal’s reputation as a reliable, independent communication tool with end-to-end encryption has made it particularly popular among governments worldwide [3]. However, MIVD director Peter Reesink emphasized the limitations: “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information” [1]. The apps’ technical security remains intact, but the human element presents the vulnerability that attackers exploit [3].
Detection and Protection Measures
Dutch intelligence agencies have developed specific methods to help users identify compromised accounts within their chat groups [3]. Signal users can check for potentially compromised contacts by looking for duplicate entries in group member lists, sometimes with slightly different names, which may indicate both the compromised account and a new account created by the victim [3]. Zahier Madhar, Security Evangelist at Check Point Software, noted that “attackers are increasingly focusing on the weakest link: the user” rather than attempting to break encryption [3]. The AIVD and MIVD have published comprehensive cyber advice recommending that users regularly check their list of linked devices, ignore unsolicited group invitations, and consider enabling disappearing messages [2][3]. Both Signal and WhatsApp have issued warnings advising users never to share PIN codes or verification codes with anyone, regardless of who requests them [1].