Russia-linked hackers target messaging apps of European officials, intelligence agencies warn

The Kremlin is running a global cyber campaign to infiltrate WhatsApp and Signal accounts of government officials, diplomats and military personnel, Dutch and Portuguese intelligence agencies warned.

Portugal's Security Information Service said on Wednesday that attackers are using various methods to trick users into sharing passwords and access codes, compromising accounts, reading individual and group conversations, accessing shared files and launching new phishing campaigns targeting contacts.

The agency said the attacks do not mean WhatsApp or Signal platforms themselves have been compromised. Instead, hostile agents are exploiting "potentially less cautious use" of the messaging services.

Attackers are increasingly using artificial intelligence tools to impersonate technical support staff or trusted contacts, the SIS said. They collect voice and image records of targets to engage in natural-sounding conversations via messages, phone calls or video calls.

The SIS did not identify the state behind the campaign.

Dutch intelligence and security services said Monday that Russia is behind the attacks. Dutch authorities confirmed government officials are among the "targets and victims" and warned journalists may also be targeted by Moscow.

The reputation of WhatsApp and Signal as secure platforms has led governments to use them for internal communications. The Dutch Military Intelligence and Security Service advised against this practice.

"Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information," said Vice Admiral Peter Reesink, director of the Dutch military intelligence service.

Signal said in a post on X that its encryption and infrastructure remain "robust" and have not been compromised.

The company said it is taking reports of malicious activity "very seriously" and acknowledged that "targeted phishing attacks" have compromised some Signal user accounts, including those of government officials and journalists.

Signal urged users not to share their PINs or mobile verification codes. WhatsApp issued similar instructions, warning users not to share the six-digit codes used to secure accounts. Both recommended blocking unknown messages or calls.