<\/p>\n
Dutch intelligence agencies have issued a stark warning regarding a new, highly sophisticated global cyber campaign. Two intelligence agencies in the Netherlands warned earlier this week that Russian-backed hackers are gaining access to Signal and WhatsApp accounts used by officials, military personnel and journalists.<\/p>\n<\/div>\n
\u201cThe Dutch intelligence and security services MIVD and AIVD can confirm that targets and victims of the campaign include Dutch government employees. The Dutch services also believe that other persons of interest to the Russian government, such as journalists, may possibly be targeted by this campaign.\u201d reads a blog by the agencies.<\/p>\n<\/div>\n
Here is a breakdown of how the attacks are happening, the warning signs to look out for, and how to stay safe:<\/p>\n<\/div>\n
On Signal<\/a>, the bad actors are said to be masquerading as a legitimate Signal support chatbot in order to trick users into giving up crucial codes that would allow them to take control of the accounts.<\/p>\n<\/div>\n The hackers send messages claiming suspicious activity has been detected on the account and urge victims to complete a verification process. During this process, the attackers ask for an SMS verification code or the user’s Signal PIN which allows them to bypass the security locks and completely take control of the account.<\/p>\n<\/div>\n \u201cBecause Signal stores the chat history locally on the phone, a victim can regain access to that history after re-registering. As a result, the victim may assume that nothing is wrong. The Dutch services want to stress that this assumption could be incorrect,\u201d the report notes.<\/p>\n<\/div>\n Another trick uses the QR code and “linked devices” functionality present on both platforms where the attackers persuade victims to scan a QR code or click on a link.<\/p>\n<\/div>\n The report notes that the attackers may send malicious links disguised as invitations to join group chats but this QR code or link instead allows the attacker’s device to become silently linked to the account.<\/p>\n<\/div>\n Bad actors are then able to monitor ongoing conversations and read message histories without the legitimate user immediately noticing.<\/p>\n<\/div>\n In a post on X, Signal responded to the report, writing, \u201cSignal\u2019s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information \u2013 SMS codes and\/or Signal PIN \u2013 to gain access to users\u2019 accounts.\u201d<\/p>\n<\/div>\n \u201cThese attacks, like all phishing, rely on social engineering. Attackers impersonate trusted contacts or services (such as the non-existent \u201cSignal Support Bot\u201d) to trick victims into handing over their login credentials or other information. To help prevent this, remember that your Signal SMS verification code is only ever needed when you are first signing up for the Signal app.\u201d the company added.<\/p>\n<\/div>\n Meanwhile, a Meta spokesperson told TechCrunch that WhatsApp<\/a> suggests users never share their six-digit code with anyone while pointing them to a Help Center page to help users recognise suspicious messages, and a page about the Linked Devices feature.<\/p>\n<\/div>\n In order to protect yourself from these sophisticated phishing attempts, the report<\/a> also recommended taking the following safety precautions:<\/p>\n<\/div>\nWhat do WhatsApp and Signal say?<\/h2>\n
How to stay safe?<\/h2>\n