Dutch intelligence confirmed on March 9, 2026 that Russian state-sponsored hackers have been running a sustained, global campaign to seize Signal and WhatsApp accounts belonging to government officials, military personnel, civil servants, and journalists. The encryption on both apps was never touched. The attacks went straight for the person holding the phone.
The public warning, issued jointly by the Netherlands Defence Intelligence and Security Service (MIVD) and the Netherlands General Intelligence and Security Service (AIVD), is the clearest official confirmation yet that Russia's intelligence apparatus has shifted significant resources toward compromising consumer messaging accounts rather than attempting to crack the underlying cryptography. The announcement came with a published Cyber Advisory and a direct message to government workers across the Netherlands and beyond: accounts of Dutch government employees had already been successfully breached.
The Dutch advisory did not arrive in isolation. Germany's Federal Office for the Protection of the Constitution (BfV) and Federal Office for Information Security (BSI) had issued a parallel warning on February 6, 2026, describing state-backed attempts to phish senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe through the same Signal impersonation tactics. Three days after the AIVD/MIVD announcement, Portugal's Security Information Service (SIS) issued its own alert on March 12, 2026, warning that attackers were now also using artificial intelligence tools to impersonate technical support staff and trusted contacts — synthesizing voice and image records to make conversations convincing across messages, phone calls, and video calls. The SIS noted the attacks did not represent a compromise of the platforms themselves, but rather exploitation of "potentially less cautious use" of the messaging services. Multiple NATO-adjacent intelligence services are now tracking variants of the same campaign.
This is not a theoretical threat. Verified victims exist. Sensitive information has very likely been read. And the techniques in play are not exotic — they are deliberate, methodical abuses of features that exist in every Signal and WhatsApp installation in the world.
What the Dutch Intelligence Agencies Said
On March 9, 2026, the MIVD and AIVD published a joint alert describing a campaign they characterize as large-scale and global. The targets, as described by the agencies, include dignitaries, military personnel, civil servants, and journalists — specifically individuals whose communications would be of intelligence value to the Russian government.
In their joint advisory, the MIVD and AIVD characterized the activity as a large-scale, globally scoped campaign by Russian state hackers aimed at gaining access to Signal and WhatsApp accounts belonging to dignitaries, military personnel, and civil servants. (MIVD and AIVD Joint Advisory, March 9, 2026)
The agencies were explicit that the attacks do not represent a technical breach of Signal or WhatsApp as platforms. Both apps use end-to-end encryption based on the Signal Protocol, which remains unbroken. What the hackers are exploiting instead is the authentication and device-pairing infrastructure that surrounds those apps — and the human beings who use them.
AIVD Director-General Simone Smit drew a clear distinction between the platforms and their users: the platforms as a whole had not been compromised; attackers were targeting individual user accounts. Her MIVD counterpart, Vice-Admiral Peter Reesink, added a harder-edged warning directed at anyone relying on encryption alone as a security posture:
MIVD Director Vice-Admiral Peter Reesink issued a harder-edged warning aimed at anyone relying on encryption alone: even apps with end-to-end encryption, including Signal and WhatsApp, should not be used to transmit classified, confidential, or operationally sensitive information. (Vice-Admiral Peter Reesink, MIVD)
That statement carries significant weight. Signal in particular has become a de facto secure communications channel inside many Western governments. Its reputation for strong, independently audited encryption has made it attractive precisely to the people Russian intelligence services want to surveil. The AIVD advisory acknowledges this directly, noting that Signal is renowned for being a reliable, independent, end-to-end encrypted communication channel — and that this reputation is exactly why it became a target.
How the Attacks Actually Work
The campaign relies on two primary techniques, both of which abuse legitimate features already built into the apps. Neither requires the attacker to crack encryption or deploy malware onto a device.
Technique One: Impersonating Signal Support
The most frequently observed method, according to both the AIVD/MIVD advisory and independent analysis by Malwarebytes, involves attackers contacting targets directly through Signal or WhatsApp while posing as official support accounts. Common impersonation identities include names like "Signal Security Support Chatbot" or "Signal Support." The fake support account typically opens with an urgent-sounding warning — a possible data leak, suspicious access attempts, or a security verification required to protect the account.
Once the target is engaged, the attacker asks for the account's SMS verification code and PIN. This is the critical moment. When a user requests a verification code from Signal or WhatsApp, the platform sends an SMS to the registered phone number. The attacker has already triggered this process on their own end by entering the target's phone number into the app's registration flow. The code that arrives on the target's phone is, from the attacker's perspective, the key to the front door.
Your SMS verification code and your account PIN are only ever needed when you are personally installing or re-registering Signal or WhatsApp on a device. No legitimate support function for either app will ever ask for these codes inside a chat. Any in-app message, direct message, email, or SMS requesting these values is a phishing attempt.
Technique Two: Abusing the Linked Devices Feature
The second technique, which Google's Threat Intelligence Group (GTIG) identified and documented as early as February 2025, is technically more sophisticated and considerably harder for victims to detect. Both Signal and WhatsApp allow users to link additional devices — tablets, desktop clients, secondary phones — to a single account by scanning a QR code. When an attacker can get a target to scan a malicious QR code, they effectively add their own device as a linked device on the victim's account. From that point forward, all incoming messages are delivered to both the legitimate user and the attacker simultaneously, in real time.
The malicious QR codes are delivered through several vectors. In broader campaigns, they appear disguised as legitimate Signal group invites, security alerts from Signal, or device pairing instructions that mimic official Signal documentation. In more targeted operations — particularly those focused on Ukrainian military personnel — the QR codes are embedded in phishing pages built to resemble specialized military software, including the Kropyva artillery guidance application used by Ukrainian armed forces.
GTIG's research identified a specific threat cluster, tracked as UNC5792, which modifies legitimate Signal group invite pages to replace the expected JavaScript redirect — the code that would normally open a Signal group — with a URI in the format sgnl://linkdevice?uuid=, silently triggering the account-linking process on the attacker's device instead of joining a group. This substitution is not visible to the target, who sees what appears to be a standard group invitation.
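The substitution described above is invisible in the rendered page but not in its source. The following Python is an added example, not code from the advisory, GTIG or Signal: it pulls Signal URIs out of page text (an invite page, a decoded QR payload, a message body) and reports whether any of them would start the device-linking flow rather than open a group. The only URI forms it relies on are the `sgnl://linkdevice?uuid=` format quoted above and the public `https://signal.group/#...` group-link form; the sample pages and the `EXAMPLE-UUID` / `EXAMPLE-GROUP-TOKEN` values are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Pulls candidate URIs out of free text; stops at whitespace, quotes and angle brackets.
URI_PATTERN = re.compile(r"""(?:sgnl|https?)://[^\s"'<>)]+""", re.IGNORECASE)


def classify_signal_uri(uri: str) -> str:
    """Classify a URI by what Signal would do when it is opened.

    'device-link'  : sgnl://linkdevice?...        -> starts the linked-device pairing flow
    'group-invite' : https://signal.group/#...     -> opens a group invitation
    'other-sgnl'   : any other sgnl:// deep link (not interpreted further here)
    'other'        : everything else
    """
    parsed = urlparse(uri.strip())
    scheme = parsed.scheme.lower()
    host = parsed.netloc.lower()
    if scheme == "sgnl" and host == "linkdevice":
        return "device-link"
    if scheme == "https" and host == "signal.group":
        return "group-invite"
    if scheme == "sgnl":
        return "other-sgnl"
    return "other"


def audit_invite_page(page_text: str) -> dict:
    """Scan page text for Signal URIs and report whether any would link a device.

    Returns the classified URIs in document order plus a verdict. A page that
    presents itself as a group invitation but carries a device-link URI is the
    pattern the text describes.
    """
    findings = []
    for match in URI_PATTERN.finditer(page_text):
        uri = match.group(0)
        kind = classify_signal_uri(uri)
        entry = {"uri": uri, "kind": kind}
        if kind == "device-link":
            # Record which query parameters the link carries; values are not interpreted.
            entry["params"] = sorted(parse_qs(urlparse(uri).query).keys())
        findings.append(entry)
    return {
        "uris": findings,
        "device_link_present": any(f["kind"] == "device-link" for f in findings),
    }


# Constructed sample: an invite-styled page whose redirect has been swapped for a device-link URI.
TAMPERED_INVITE_PAGE = """
<html><body>
<p>You have been invited to join the Signal group "Ops coordination".</p>
<a href="https://signal.group/#EXAMPLE-GROUP-TOKEN">Open in Signal</a>
<script>
  // An unmodified page would redirect to the group link; this one starts device pairing.
  window.location = "sgnl://linkdevice?uuid=EXAMPLE-UUID";
</script>
</body></html>
"""

# Constructed sample: the redirect an unmodified invite page would carry.
CLEAN_INVITE_PAGE = '<script>window.location = "https://signal.group/#EXAMPLE-GROUP-TOKEN";</script>'


if __name__ == "__main__":
    for label, page in (("tampered", TAMPERED_INVITE_PAGE), ("clean", CLEAN_INVITE_PAGE)):
        result = audit_invite_page(page)
        print(label, "device link present:", result["device_link_present"])
        for f in result["uris"]:
            print("   ", f["kind"], f["uri"])
```

The check is deliberately scheme-and-host based rather than string matching on `linkdevice`, so an attacker cannot evade it by URL-encoding or re-ordering query parameters; anything that resolves to the `sgnl://linkdevice` host is treated as a pairing request regardless of what the surrounding page claims to be.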
A particularly troubling aspect of this technique: Signal does not provide centralized logging for newly linked devices, and the compromise can persist for extended periods without detection. The attacker does not need ongoing access to the victim's phone. Once linked, the attacker's device continues to receive messages indefinitely.
The risk escalated further when Signal introduced message history synchronization for linked devices in early 2025. When a new device links to an account, Signal now offers the option to transfer all chat history and media from the previous 45 days to the newly linked device. For an attacker who successfully links their device, this means they receive not only future messages in real time, but potentially 45 days of prior conversations as well — a significant intelligence windfall from a single successful QR code scan.
What Attackers Can Do Once Inside
The AIVD/MIVD advisory and BleepingComputer's analysis of the campaign describe the scope of access that follows a successful account takeover or device-link, and it extends well beyond simply reading messages.
When an attacker completes a full account takeover using stolen verification codes and PINs, they can reassign the compromised account to a phone number under their own control. This gives them persistent access to the victim's contact list and all incoming messages, including messages sent in group chats the victim belongs to. From that position, the attacker can also impersonate the victim — sending outbound messages from the compromised account to the victim's contacts, potentially using the compromised account as a launchpad for further phishing operations against people who would reasonably trust a message from that number.
In the device-linking scenario, the attacker's position is different but comparably damaging. They do not control the account outright — the legitimate user continues to use it normally — but they receive every incoming message simultaneously, in real time, without the victim's knowledge. Because Signal does not alert account holders when a new device is linked through a scanned QR code, the compromise can remain undetected for weeks or months. The attacker maps the victim's network of contacts, tracks the progression of sensitive conversations, and collects intelligence continuously without ever needing to touch the victim's phone again.
Cody Barrow, former NSA Cyber Chief and CEO of EclecticIQ, noted that once an attacker reaches a messaging account or a linked device, they can monitor conversations, map contact networks, and collect intelligence continuously — and that campaigns of this kind demonstrate the real target is the user, not the encryption. Barrow identified strong account security, multi-factor authentication, and phishing awareness as the critical protections in this environment. (EclecticIQ)
The Threat Actors Behind the Campaign
The MIVD and AIVD advisory does not attribute the activity to a specific Russian intelligence agency or named hacking group. But independent research and prior disclosures from Google, Microsoft, and Ukraine's Computer Emergency Response Team (CERT-UA) have identified several Russia-aligned clusters involved in targeting Signal and WhatsApp accounts over the past year.
UNC5792 (overlapping with UAC-0195): This group, identified by GTIG, focuses on Signal group invite manipulation. By altering legitimate group invite infrastructure, UNC5792 tricks targets into registering attacker-controlled devices on their accounts. The group's activity has been linked by CERT-UA to campaigns targeting WhatsApp as well.
UNC4221 (overlapping with UAC-0185): This cluster deployed a phishing kit specifically built to target Signal accounts among Ukrainian military personnel. The kit impersonates Kropyva, a piece of software the Armed Forces of Ukraine use for artillery guidance and minefield mapping. As part of its operation, UNC4221 also deployed a lightweight JavaScript payload called PINPOINT, which collects basic user information and geolocation data via the browser's GeoLocation API, building a targeting profile before executing the account-linking attack.
APT44, also known as Sandworm: Russia's military intelligence unit GRU has had documented involvement in battlefield-adjacent Signal exploitation. According to GTIG research, Sandworm has used malicious QR codes to link Signal accounts found on devices captured from Ukrainian military personnel, connecting those accounts back to Sandworm-controlled infrastructure for ongoing surveillance. Sandworm has also been observed running the WAVESIGN batch script — a lightweight Windows tool that periodically queries a victim's Signal message database and exfiltrates recent messages using Rclone. In at least one documented case, a compromised Signal account gave Russian forces enough battlefield intelligence to launch an artillery strike against a Ukrainian army brigade.
Turla and UNC1151: These Russia and Belarus-linked groups have been observed attempting to extract Signal database files directly from compromised Android and Windows devices, using malware including Infamous Chisel, PowerShell scripts, and the Robocopy command-line utility. This represents a different angle of attack — not account-linking, but direct file exfiltration from already-compromised devices.
One question readers outside Ukraine may reasonably ask: what about Telegram? The same threat actors documented here have been targeting Telegram alongside Signal for years. APT44 has run a long-running campaign assisting forward-deployed Russian military forces to extract both Signal and Telegram messages from mobile devices captured on the battlefield. Turla and UNC1151 have similarly targeted Telegram database files through direct device compromise. The key distinction from the phishing techniques described in this article is method rather than risk level: Telegram does not use end-to-end encryption by default for regular chats — only its optional Secret Chats feature uses E2E encryption — so server-side interception remains a viable route for adversaries with sufficient access, independent of device-level attacks. Users who treat Telegram as a Signal equivalent for sensitive conversations are relying on a protection Telegram's standard chat mode does not provide.
Star Blizzard (also known as Coldriver and Callisto Group): This FSB-linked group expanded into WhatsApp targeting in November 2024, in a campaign documented by Microsoft in January 2025. After more than 180 of the group's phishing domains were seized by Microsoft and the U.S. Department of Justice in October 2024, Star Blizzard adapted by shifting to WhatsApp account-linking attacks. The campaign used spear-phishing emails impersonating a U.S. government official, inviting targets to join a fake WhatsApp group purportedly related to Ukraine NGO support. An intentionally broken QR code in the initial email was designed to prompt recipients to reply — and when they did, a follow-up message delivered a functional QR code that was actually a WhatsApp device-linking code, granting the attacker access to the target's account. Microsoft assessed the campaign concluded by end of November 2024 but characterized it as evidence of the group's "tenacity" in continuing espionage operations despite repeated infrastructure disruptions.
The involvement of multiple distinct threat actors — each operating under different Russian and Belarusian intelligence directorates, each with different tactics and target profiles — underscores that this is not a single coordinated operation but a broad strategic priority: access to Signal and WhatsApp conversations is considered a high-value intelligence objective across Russia's entire intelligence apparatus.
Why Signal and WhatsApp Are the Target
The answer is straightforward, and the AIVD states it plainly. Signal's strong encryption reputation has made it the preferred communications channel for government employees, military personnel, diplomats, journalists, and activists who want to protect sensitive conversations from interception. That same reputation concentrates exactly the kind of communications Russian intelligence services want to read.
End-to-end encryption protects messages while they travel across networks. It does nothing to protect a message once it has been delivered and is sitting in a recipient's app. It does nothing if an attacker has successfully been added as a linked device on the account. And it does nothing if the attacker has persuaded the account holder to hand over their verification credentials directly.
This is the fundamental strategic insight driving the Russian campaign: the encryption is not the vulnerability. The person is. Social engineering attacks on secure messaging users are, by definition, attacks on the weakest point in an otherwise strong system. And when government officials and military personnel use consumer apps as a substitute for formally approved classified communication channels — a pattern that has been widely documented across multiple NATO countries — they expose sensitive operational information through a channel that was never designed to carry it at that classification level.
The AIVD advisory notes a broader and more insidious dynamic: because Signal's reputation for security is so strong, people extend more trust to communications that appear to come from Signal or through Signal. A message that claims to be from Signal Security carries implicit authority. A QR code embedded in what appears to be a legitimate Signal interface looks safe. The app's reputation becomes the weapon.
The Convenience Problem: Why Classified Systems Aren't Being Used
The MIVD's warning that Signal and WhatsApp are not appropriate for classified, confidential, or operationally sensitive information raises an obvious follow-up question: if secure alternatives exist, why are government employees using consumer apps at all?
The answer is not ignorance of the alternatives. Western governments have invested heavily in purpose-built classified communications infrastructure. In the United States, for example, the Secret Internet Protocol Router Network (SIPRNet) handles communications classified at the secret level, while the Joint Worldwide Intelligence Communications System (JWICS) handles top-secret traffic. Neither is connected to the open internet. The Defense Information Systems Agency (DISA) also operates a program called DoD Mobility Classified Capability-SECRET (DMCC-S), which provides Samsung smartphones pre-configured for secure classified communication — the kind of tool that would allow a government official to send a sensitive message from anywhere without reaching for Signal. As of early 2024, a classified version of the Microsoft 365 collaboration suite supporting Teams, SharePoint, and Outlook had been deployed across more than 250,000 DoD accounts.
The gap between what exists and what people actually use comes down to friction. Classified systems require training, dedicated hardware, strict enrollment procedures, and physical or credentialed access. Signal requires downloading a free app. Classified networks are governed by retention requirements and audit trails that create accountability. Signal, particularly with disappearing messages enabled, does not. A senior official who wants to coordinate quickly across time zones with a group of trusted contacts faces a genuine usability gap between what the approved channel offers and what a consumer app delivers in seconds.
That friction gap is not an accident; it is an artifact of how security controls are designed. Audit trails, mandatory retention, and access logging are features of classified systems precisely because oversight requires them. The same properties that make those systems trustworthy for classified information are exactly the properties that make them feel cumbersome compared to a smartphone app. When officials bypass those systems in favor of Signal, they are not typically making a considered risk decision — they are making an ease-of-use decision and implicitly accepting a risk they may not have fully calculated.
The Dutch and German advisories, taken together, describe a population of government users who have settled into Signal as a working habit. The Russian campaign described in those advisories is, in part, a consequence of that habit having been formed at scale. As long as the friction gap between approved channels and consumer apps remains wide enough that people consistently choose the consumer app, the intelligence value of targeting those consumer apps will remain high enough to sustain exactly the kind of sustained, multi-actor campaign that AIVD, MIVD, BfV, BSI, and SIS are now warning about.
What Signal and WhatsApp Said
Signal responded publicly via X (@signalapp) and Bluesky on March 9, 2026, confirming awareness of the targeting campaign while being precise about the scope of what occurred:
Signal confirmed awareness of the targeting campaign in a public statement posted to X (@signalapp) and Bluesky on March 9, 2026, emphasizing that the attacks succeeded through phishing — specifically by tricking users into sharing SMS verification codes and account PINs — and not through any compromise of the platform or its cryptography. Signal stated plainly that its encryption and infrastructure had "not been compromised and remain robust." (Signal, via X and Bluesky, March 9, 2026)
Signal's full statement also clarified that Signal Support will never initiate contact through in-app messages, SMS, or social media to ask for a verification code or PIN — and that any such request, regardless of source, should be treated as a scam. The company confirmed it is actively working on additional in-app interface improvements — visual and text-based warning signs designed to alert users to phishing risks throughout the app — beyond the QR-code phishing protections already shipped in updated Android and iOS versions. Users who have not updated to the latest version are running without those protections.
WhatsApp, in a statement to Reuters and The Register, told users never to share their six-digit verification code with anyone and noted that the platform continues to build and expand protections against social engineering-based scams. A Meta spokesperson reiterated that detailed account protection guidance is available directly through WhatsApp's support resources.
The AI Impersonation Layer
The Portuguese SIS advisory of March 12, 2026 introduced a dimension of this campaign that the earlier Dutch and German warnings did not address in detail: artificial intelligence is being used to make the social engineering convincing enough to deceive even careful targets.
According to SIS, attackers are synthesizing voice and image records of trusted contacts — colleagues, supervisors, technical support staff — to construct impersonations that hold up across text messages, phone calls, and video calls. A target who receives what appears to be a video message from a familiar face, or a phone call from a voice they recognize, asking them to scan a QR code or confirm an account PIN, faces a qualitatively different threat than a target who receives a text message from an account claiming to be "Signal Security Support."
This is a meaningful escalation. The earlier phases of this campaign, as documented by GTIG and described in the AIVD/MIVD advisory, relied primarily on impersonation through text: a fake support account, a spoofed group invitation, a phishing page dressed in Signal's visual identity. Standard counter-phishing advice — verify through a separate channel, be suspicious of any unsolicited request for credentials — assumes a relatively clear gap between legitimate and illegitimate communications. AI-generated voice and video narrows that gap. When the "separate channel" verification call sounds like the colleague it claims to be, the standard guidance becomes harder to act on.
SIS did not attribute AI-assisted impersonation to a specific threat actor in its public advisory, and the technique is not exclusive to Russian state operations. The December 2025 GhostPairing campaign documented by Gen Digital, in which cybercriminals used WhatsApp device-linking attacks for financially motivated fraud, shows that the same underlying account-takeover methods attract a broad set of actors once the technique enters common knowledge. AI-generated impersonation lowers the skill floor for social engineering operations: an attacker does not need linguistic fluency in the target's language, detailed knowledge of the target's organizational context, or the ability to construct a convincing written persona, if a sufficiently realistic synthetic voice can carry the conversation instead.
The practical implication for targets is that visual and auditory verification of identity — the instinct to "just call them and check" — can no longer be treated as a reliable backstop. Verification needs to move to channels and methods that are difficult to synthesize: a known, pre-established code phrase agreed upon out-of-band, a callback to a number independently confirmed rather than one provided by the requester, or formal identification through an organizational IT security process. For government and military users operating in environments where AI-synthesized media is a documented threat vector, the burden of verification has risen substantially.
How to Know If You Have Been Compromised
The AIVD and MIVD Cyber Advisory published alongside the March 9 announcement includes specific detection guidance for Signal users. The key detection method requires no technical expertise: check your group chats for duplicate accounts.
When an account is successfully taken over, or when a victim has re-registered their account after losing access, their previous account entry may remain visible in group chats alongside the new one. This creates a situation where the same person appears twice in a group member list — sometimes under identical names, sometimes under a slightly different name. The advisory specifically warns that attackers may rename hijacked accounts to something like "Deleted account" in an attempt to appear inactive and avoid detection.
The recommended response steps from the AIVD/MIVD advisory are:
- Check all active Signal and WhatsApp group chats for members who appear twice, or for unfamiliar accounts that joined via a group link you did not control.
- If you find a suspicious duplicate, do not attempt to verify through Signal or WhatsApp. Use a separate channel — a phone call or email — to confirm with the person in question whether they have two accounts or whether their account may have been taken over.
- Report any confirmed or suspected compromised accounts to your organization's IT security team immediately.
- Group administrators should remove any non-legitimate accounts that joined via a captured group invite link.
- Check your own linked devices list in Signal (Settings > Linked Devices) and WhatsApp (Settings > Linked Devices) for any entries you do not recognize. Remove any unknown devices immediately.
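The first of those steps, checking group member lists for duplicates and for accounts renamed to look inactive, is easy to do by eye in one group and tedious across many. The following Python is an added example, not tooling from the advisory or from Signal or WhatsApp: given an exported member list, it flags the same display name backed by more than one number, any member whose name matches "Deleted account", and any number the reviewer does not recognise. The member-list format (`name` and `number` fields), the sample members and their phone numbers are all constructed for the example.

```python
import re
from collections import defaultdict

# The advisory warns that hijacked accounts may be renamed to something like "Deleted account".
DELETED_PATTERN = re.compile(r"^\s*deleted\s*account\s*$", re.IGNORECASE)


def normalize_name(name: str) -> str:
    """Casefold and collapse whitespace so 'Anna de Vries' and 'anna  De Vries ' compare equal."""
    return " ".join(name.split()).casefold()


def review_group_members(members, trusted_numbers=None):
    """Flag group members that warrant out-of-band verification.

    members: list of dicts with 'name' (display name) and 'number' (registered number).
    trusted_numbers: optional set of numbers the reviewer knows; other numbers are reported.
    Returns a list of findings, each with a 'reason' and the member entries involved.
    """
    findings = []

    # Rule 1: one display name, more than one account behind it.
    by_name = defaultdict(list)
    for m in members:
        by_name[normalize_name(m["name"])].append(m)
    for entries in by_name.values():
        if len({e["number"] for e in entries}) > 1:
            findings.append({"reason": "duplicate display name", "members": entries})

    # Rule 2: accounts renamed to look inactive.
    for m in members:
        if DELETED_PATTERN.match(m["name"]):
            findings.append({"reason": "renamed to 'Deleted account'", "members": [m]})

    # Rule 3: numbers the reviewer does not recognise (e.g. joined via an invite link).
    if trusted_numbers is not None:
        for m in members:
            if m["number"] not in trusted_numbers:
                findings.append({"reason": "unfamiliar number", "members": [m]})

    return findings


# Constructed sample group: one name appears twice under different numbers, one account
# has been renamed, and one number is not on the reviewer's list.
SAMPLE_GROUP = [
    {"name": "Anna de Vries", "number": "+31 6 0000 0001"},
    {"name": "anna  De Vries", "number": "+31 6 0000 0099"},
    {"name": "Deleted account", "number": "+31 6 0000 0002"},
    {"name": "Bram Jansen", "number": "+31 6 0000 0003"},
]
TRUSTED_NUMBERS = {"+31 6 0000 0001", "+31 6 0000 0002", "+31 6 0000 0003"}


if __name__ == "__main__":
    for finding in review_group_members(SAMPLE_GROUP, TRUSTED_NUMBERS):
        names = ", ".join(f"{m['name']} ({m['number']})" for m in finding["members"])
        print(f"{finding['reason']}: {names}")
```

A finding is a prompt for the separate-channel check the advisory describes, not a verdict: two accounts under one name may be a colleague with a work and a private phone, and only confirming with that person by phone or email resolves it.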
For proactive protection, GTIG's February 2025 research recommends the following measures for all users who may be at risk:
- Update Signal and WhatsApp to the latest available version. Signal has already released hardened protections against QR-based phishing on both Android and iOS.
- Enable a strong registration lock PIN in Signal (Settings > Account > Registration Lock). This requires your PIN when re-registering your account on a new device, making it significantly harder for attackers to complete an account takeover even if they obtain your verification code.
- Enable screen lock with a long, complex passcode on your mobile device.
- Never scan a QR code received through a messaging app unless you can independently verify the source through a separate channel.
- Never share a verification code or account PIN with anyone — not in a chat, not via SMS, not in an email. There is no legitimate scenario in which Signal or WhatsApp support would request these values from you in a conversation.
- On iOS, consider enabling Lockdown Mode if you are in a high-risk category — government employee, military, journalist, or civil society activist. Lockdown Mode limits certain device features but significantly reduces the attack surface available to advanced threat actors.
The clearest message from both Dutch intelligence agencies is that Signal and WhatsApp, regardless of their encryption strength, are not appropriate channels for classified, confidential, or operationally sensitive information. Designated secure communications systems exist for that purpose. Consumer apps — even very good ones — are not a substitute.
What Actually Needs to Change
The individual protection steps above are necessary but not sufficient. Advisories from five intelligence services across three countries have now described the same structural conditions that allow this campaign to persist. The solutions that would meaningfully reduce the attack surface go considerably further than reminding users not to share their PIN.
Closing the Friction Gap in Classified Communications Infrastructure
The core problem described in both the Dutch and German advisories is that approved classified systems are too cumbersome to use in practice, so people default to Signal. The solution is not simply to prohibit Signal — prohibition without a usable alternative produces either non-compliance or operational slowdown. Governments that want officials to stop using consumer apps need to make their approved systems genuinely competitive on usability: faster enrollment, mobile-native interfaces, cross-agency interoperability, and support for the same quick group-coordination workflows that make Signal useful. The U.S. DoD's DMCC-S program is an example of the right direction, but deployment at the scale needed to replace Signal as the default for informal sensitive communication remains limited. NATO governments should be treating classified mobile communication usability as a strategic infrastructure problem, not a compliance problem.
Device-Linking Architecture Changes
The QR-code device-linking attack is structurally enabled by the fact that Signal's linked-device workflow — by design — requires no secondary confirmation from the account holder once a code is scanned. A linked device simply begins receiving messages. Signal has already shipped some hardening against phishing on the QR scan step, but the deeper fix is requiring an explicit, time-limited in-app confirmation from the primary device every time a new device is added — a push notification that names the device type, platform, and approximate location of the incoming link request, requiring the account holder to approve it before any message sync begins. Apple's passkey device trust model provides a template: new device trust is never granted silently. Signal's 45-day message history sync, introduced in early 2025, substantially increased the intelligence value of a successful device-link; a corresponding increase in the friction required to complete that link is overdue.
Organizational Linked-Device Auditing at Scale
For government and defense organizations, individual users checking their own linked-device lists is an insufficient control. Organizations whose personnel routinely use Signal for sensitive communication — including those who should not be, but demonstrably are — need centralized tooling that can identify anomalous device-linking events across an employee population: a new linked device appearing on an account that has not linked a new device in over a year, a device linking from an IP geolocation inconsistent with the user's normal operating area, or a device linking in the same narrow time window as a known phishing email delivery. This is standard behavior analytics applied to a consumer app population, and it requires the organization to acknowledge that consumer app use is happening rather than simply prohibiting it on paper.
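The three signals named in this paragraph are straightforward to encode once an organization has a feed of link events. The following Python is an added example, not a product or a vendor API: it applies those three rules to a batch of device-link records. It assumes the organization can obtain, per event, the user, the time of the link, the device description and a coarse geolocation of the requesting IP, and that it keeps a per-user baseline country and the date of each user's last prior link; all of that, the `LinkEvent` and `PhishingDelivery` record types, the two-hour phishing window, and the sample data (including the placeholder country code `ZZ`) are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class LinkEvent:
    user: str
    linked_at: datetime
    country: str   # coarse geolocation of the IP the link request came from (assumed available)
    device: str    # device description as reported at link time


@dataclass
class PhishingDelivery:
    user: str
    delivered_at: datetime


STALE_LINK_DAYS = 365            # rule 1: no new device linked in over a year
PHISH_WINDOW = timedelta(hours=2)  # rule 3: link shortly after a known phishing delivery


def link_anomalies(events, phishing, baseline_country, previous_link):
    """Apply the three rules from the text to a batch of link events.

    events:           LinkEvent list for the period under review
    phishing:         PhishingDelivery list of known phishing emails delivered to staff
    baseline_country: dict user -> country where the user normally operates
    previous_link:    dict user -> datetime of the user's most recent prior link (None if never)
    Returns a list of (user, device, [reasons]) for events that trip at least one rule.
    """
    alerts = []
    for ev in events:
        reasons = []

        prior = previous_link.get(ev.user)
        if prior is None or ev.linked_at - prior > timedelta(days=STALE_LINK_DAYS):
            reasons.append("first device link in over a year")

        home = baseline_country.get(ev.user)
        if home and ev.country != home:
            reasons.append(f"link from {ev.country}, baseline {home}")

        for p in phishing:
            if p.user == ev.user and timedelta(0) <= ev.linked_at - p.delivered_at <= PHISH_WINDOW:
                reasons.append("linked within 2h of known phishing delivery")
                break

        if reasons:
            alerts.append((ev.user, ev.device, reasons))
    return alerts


# Constructed sample data: one user trips all three rules, one trips none, one has never linked before.
T0 = datetime(2026, 3, 2, 9, 0)
SAMPLE_EVENTS = [
    LinkEvent("a.devries", T0 + timedelta(minutes=40), "ZZ", "Signal Desktop (Windows)"),
    LinkEvent("b.jansen", T0 + timedelta(days=1), "NL", "Signal Desktop (macOS)"),
    LinkEvent("c.bakker", T0 + timedelta(days=2), "NL", "iPad"),
]
SAMPLE_PHISHING = [PhishingDelivery("a.devries", T0)]
BASELINE_COUNTRY = {"a.devries": "NL", "b.jansen": "NL", "c.bakker": "NL"}
PREVIOUS_LINK = {
    "a.devries": T0 - timedelta(days=400),
    "b.jansen": T0 - timedelta(days=30),
    "c.bakker": None,
}


if __name__ == "__main__":
    for user, device, reasons in link_anomalies(SAMPLE_EVENTS, SAMPLE_PHISHING, BASELINE_COUNTRY, PREVIOUS_LINK):
        print(f"{user} linked {device!r}: " + "; ".join(reasons))
```

The third rule is the one that needs the most organizational plumbing, since it joins messenger telemetry to the mail security team's phishing reports; it is also the one with the best precision, because a device link minutes after a known lure is rarely innocent. The first two rules are cheap and will produce benign hits (a new laptop, a business trip), so they are better used to prioritise a follow-up conversation than to revoke devices automatically.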
Pre-Established Out-of-Band Verification Protocols
Portugal's SIS documented AI-synthesized voice and video being used to impersonate trusted contacts. The verification reflex that has been standard counter-phishing advice for a decade — call them separately to check — is no longer sufficient when the call itself can be synthesized. The institutional response is to move verification to channels and methods that are inherently difficult to replicate with generative AI: a pre-agreed challenge phrase established in person, a callback to a number confirmed through an organizational directory rather than one provided in the suspicious message, or a short-code confirmation through a second authenticated platform. These protocols already exist in high-security environments. They need to become standard practice for any personnel operating in a high-targeting-risk category.
Account Compromise Detection Built Into Group Chat Infrastructure
The AIVD/MIVD advisory's primary detection guidance relies on users manually inspecting group member lists for duplicate accounts. This is a reasonable individual step but scales poorly across large organizations. Signal's group chat infrastructure could surface automated warnings when a member account's registration identifier changes — which happens when an account is taken over and re-registered to a new phone number — allowing group administrators to receive a flag rather than requiring every member to know what a duplicate account looks like. WhatsApp's enterprise product layer, used by government and defense organizations, is better positioned than Signal's consumer platform to implement anomaly alerts at the group level. Pushing for this capability through organizational contracts and vendor engagement is a more durable solution than relying on user vigilance across thousands of accounts.
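What a group-level alert of this kind would look like in practice, as an added example not taken from Signal, WhatsApp or the advisories: two constructed roster snapshots are diffed to flag a member whose registration identifier changed and a display name that now appears twice under different numbers. The roster format, the registration-id field and the phone numbers are all assumptions for the example.

```python
from collections import Counter

# Constructed group roster snapshots (not real Signal data). Each member is
# (display_name, phone_number, registration_id); the format and the numbers
# are assumptions for this example.
ROSTER_BEFORE = [
    ("Alice", "+15550000001", 1001),
    ("Bob",   "+15550000002", 1002),
    ("Carol", "+15550000003", 1003),
]
ROSTER_AFTER = [
    ("Alice", "+15550000001", 1001),
    ("Bob",   "+15550000002", 2002),  # same number, new registration id
    ("Carol", "+15550000003", 1003),
    ("Carol", "+15550000099", 1004),  # second "Carol" joined from another number
]


def group_roster_alerts(before, after):
    """Diff two roster snapshots; return a list of (kind, detail) alerts."""
    alerts = []
    previous = {number: reg for _, number, reg in before}
    # A member whose registration id changed was re-registered since the last
    # snapshot; the advisory describes this as a sign of possible takeover.
    for _, number, reg in after:
        if number in previous and previous[number] != reg:
            alerts.append(("registration-id-changed", number))
    # The same display name on two different numbers is the duplicate-member
    # pattern the advisory asks users to look for by hand.
    counts = Counter(name for name, _, _ in after)
    for name, count in counts.items():
        if count > 1:
            numbers = sorted(n for nm, n, _ in after if nm == name)
            alerts.append(("duplicate-display-name", f"{name}:{','.join(numbers)}"))
    return alerts


if __name__ == "__main__":
    for kind, detail in group_roster_alerts(ROSTER_BEFORE, ROSTER_AFTER):
        print(f"ALERT {kind}: {detail}")
```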
Raising the Floor on Verification Code Security
Both primary attack techniques in this campaign depend on obtaining a time-limited SMS verification code. The SMS delivery of those codes is itself a known weak point — SS7 vulnerabilities have allowed interception of SMS messages for years, and SIM-swapping attacks give adversaries the ability to redirect SMS traffic without any phishing required. The more durable fix is accelerating the adoption of app-based or hardware-token second factors for messenger account registration, reducing reliance on SMS codes entirely. Signal already supports registration lock PINs as a second factor against account takeover, but the PIN must be set proactively by the user before an attack occurs. Making registration lock a default-on feature — rather than opt-in — would meaningfully raise the floor of protection for the broader user population that may not have read a threat advisory.
Key Takeaways
- The encryption was not broken: Signal and WhatsApp's underlying cryptography remains intact. The attacks exploit authentication systems and human behavior, not cryptographic weaknesses. The distinction matters because it means the threat exists regardless of how strong the encryption is.
- Confirmed victims include Dutch government employees: This is not an advisory about a theoretical risk. The AIVD and MIVD have confirmed that accounts have been compromised and that sensitive information has very likely been accessed as a result.
- Multiple European intelligence agencies have now issued warnings: The Dutch advisory followed a February 6, 2026 warning from Germany's BfV and BSI, and was followed by Portugal's SIS on March 12, 2026. The convergence of warnings from separate NATO-adjacent intelligence services confirms that the campaign has reached beyond Ukraine and into Western European government networks.
- The campaign is global and ongoing: Journalists, military personnel, and government officials across all NATO-aligned countries are within the threat perimeter. GTIG warned in February 2025 that these tactics would expand beyond Ukraine, and the wave of European advisories through early 2026 confirms that expansion is underway.
- Two techniques dominate: Impersonation of Signal support accounts to harvest verification codes and PINs, and abuse of the legitimate linked-devices feature via malicious QR codes. Both require no malware and no technical vulnerability in the apps. Both require the target to take an action.
- A successful device-link now means 45 days of prior messages: Signal's message history synchronization feature, introduced in early 2025, means an attacker who successfully links a device receives not only future messages but up to 45 days of prior conversation history. The intelligence value of a single successful QR code scan has increased substantially.
- Multiple Russian threat actor clusters are involved: UNC5792, UNC4221, APT44 (Sandworm), Turla, UNC1151, and Star Blizzard (Coldriver) have all been documented targeting Signal or WhatsApp accounts through various means. APT44 has also targeted Telegram messages extracted from captured battlefield devices. This is a strategic intelligence priority, not a one-off operation.
- The convenience gap is a structural vulnerability: Classified communications alternatives exist across NATO governments — SIPRNet, JWICS, DMCC-S, and equivalents — but the usability and accessibility gap between those systems and a free consumer app is wide enough that Signal has become a working habit for many officials. That habit is precisely what this campaign is designed to exploit.
- AI-generated impersonation has entered the attack chain: Portugal's SIS documented attackers using synthesized voice and video to impersonate trusted contacts. Standard out-of-band verification — calling someone to confirm — can no longer be treated as a reliable control when the call itself may be synthetic. Pre-established verification codes and institutional identity processes are now necessary backstops.
- Detection is possible but requires attention: Checking group chats for duplicate member accounts and regularly auditing linked devices are two concrete actions any user can take right now, without technical expertise.
The broader lesson of this campaign is one that security professionals have articulated for years but that becomes painfully concrete whenever a nation-state operation makes headlines: the human element of security is not a footnote. When adversaries cannot break the lock, they ask for the key. In this case, they are asking through a fake chatbot wearing Signal's logo, through a spoofed QR code disguised as a group invitation, and — according to Portugal's SIS — through AI-synthesized voices and video impersonations of trusted contacts that are increasingly difficult to distinguish from the real thing. In enough cases, people are handing over access. The structural reason they keep handing it over is that the friction between approved classified systems and a consumer app is wide enough that Signal has become the path of least resistance for communications that should never travel through it. Closing that friction gap — not just warning people about phishing — is the institutional problem these advisories have not yet solved. The fact that intelligence agencies in Germany, the Netherlands, and Portugal all felt compelled to issue public warnings within the same six-week window is itself a signal: this campaign has crossed a threshold that warranted coordinated public disclosure across allied governments, and the techniques behind it are only becoming harder to detect.
Sources
- AIVD — Russia targets Signal and WhatsApp accounts in cyber campaign (March 9, 2026)
- AIVD/MIVD — Cybersecurity Advisory: Phishing via messaging apps Signal and WhatsApp (March 9, 2026)
- MIVD / Defensie.nl — Russia targets Signal and WhatsApp accounts in cyber campaign (March 9, 2026)
- Google Threat Intelligence Group — Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger (February 19, 2025)
- BleepingComputer — Dutch govt warns of Signal, WhatsApp account hijacking attacks (March 2026)
- BleepingComputer — Russian phishing campaigns exploit Signal's device-linking feature (February 2025)
- The Record (Recorded Future News) — Kremlin hackers attempting to compromise Signal, WhatsApp accounts globally (March 2026)
- The Register — Russian crims phish way into Signal and WhatsApp accounts (March 2026)
- TechCrunch — Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn (March 2026)
- Malwarebytes — Signal and WhatsApp accounts targeted in phishing campaign (March 2026)
- NL Times — Intelligence confirms Russian state hackers targeting Dutch Signal and WhatsApp accounts (March 2026)
- Security Affairs — Russia-linked hackers target Signal, WhatsApp of officials globally (March 2026)
- Help Net Security — State-backed phishing attacks targeting military officials and journalists on Signal (February 6, 2026) — covers Germany BfV/BSI advisory
- Euronews — Russia-linked hackers target messaging apps of European officials, intelligence agencies warn (March 12, 2026) — covers Portugal SIS advisory
- Microsoft Security Blog — New Star Blizzard spear-phishing campaign targets WhatsApp accounts (January 16, 2025)
- Computer Weekly — Warning over privacy of encrypted messages as Russia targets Signal Messenger (February 2025) — includes artillery strike detail
- Signal — A Synchronized Start for Linked Devices (January 27, 2025) — 45-day message history sync feature