Russian Hackers Breach Officials’ Encrypted Messaging Apps

Summary
– Russian state hackers are targeting the Signal and WhatsApp accounts of diplomats, military staff, and government officials worldwide, with journalists also at risk.
– The attack campaign does not exploit technical flaws in the apps but instead misuses their legitimate security features, like verification codes and PINs.
– Hackers use methods like posing as a support chatbot or exploiting the linked devices feature to gain access to individual user accounts.
– Once compromised, attackers can read private conversations, and a key warning sign is the appearance of duplicate identities in group chats.
– Officials emphasize that despite end-to-end encryption, these apps are not secure channels for classified or sensitive information.

A recent cybersecurity alert from Dutch intelligence services reveals a sophisticated campaign by Russian state-backed hackers targeting the personal accounts of diplomats, military personnel, and government officials on encrypted messaging platforms. The operation specifically aims to compromise accounts on Signal and WhatsApp, though it does not involve breaching the core security of the applications themselves. Instead, the attackers are manipulating the very security features designed to protect users, focusing on individuals whose work or profile might draw interest from Moscow, including journalists.
The campaign employs two primary tactics to gain unauthorized access. One method involves hackers impersonating an official Signal support chatbot. In this scenario, targets are deceived into voluntarily surrendering their login credentials, including the critical verification codes sent via SMS. The second technique exploits the legitimate “linked devices” function available in both Signal and WhatsApp. This feature, which allows users to connect their account to additional devices like tablets or computers, becomes a vulnerability when attackers trick a user into providing the necessary linking code.
Once the attackers obtain these codes, they can access the account. This access grants them the ability to read all private conversations and monitor group chats in real time, potentially exposing sensitive diplomatic or operational discussions. Security experts note that many users operate under a false sense of security, believing the strong encryption of these apps makes their accounts impervious to attack, a misconception the Russian operatives are actively exploiting.
It is crucial to understand that the fundamental encryption of Signal and WhatsApp remains intact. The Dutch agencies have clarified that this is not a technical breach of the applications’ infrastructure. “Individual user accounts are being targeted,” stated a senior intelligence official, emphasizing that the services as a whole have not been compromised. The attack vector is entirely based on social engineering and the misuse of account recovery and linking procedures.
For protection, officials recommend heightened vigilance within group chats. A key red flag is the appearance of duplicate identities. If the same contact appears twice under identical or slightly varied names, it could indicate that an account has been compromised and a cloned profile has been added to the conversation. This allows the attacker to remain in the chat even if the legitimate user is removed.
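The duplicate-identity check described above can be run over a group's member list. The following is an added example, not code from the advisory or from either app; it assumes the member list has been transcribed into (display name, account identifier) pairs, and the sample names, identifiers and similarity threshold are constructed for illustration.

```python
import unicodedata
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample: (display name, account identifier) pairs as a group
# admin might transcribe them from a chat's member list. Not real data.
MEMBERS = [
    ("Anna de Vries", "acct-01"),
    ("Pieter Jansen", "acct-02"),
    ("anna  de vries.", "acct-07"),   # same name after normalization
    ("Pieter Janssen", "acct-09"),    # slightly varied name
    ("Sophie Bakker", "acct-03"),
]

def normalize(name: str) -> str:
    """Fold case and compatibility forms; drop accents, spaces and punctuation."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def find_duplicate_identities(members, threshold=0.85):
    """Return pairs of distinct accounts whose display names match or nearly match."""
    findings = []
    for (name_a, id_a), (name_b, id_b) in combinations(members, 2):
        if id_a == id_b:
            continue  # the same account listed twice is not a second identity
        norm_a, norm_b = normalize(name_a), normalize(name_b)
        if not norm_a or not norm_b:
            continue  # names with no letters or digits cannot be compared
        if norm_a == norm_b:
            kind, score = "identical", 1.0
        else:
            kind = "similar"
            score = SequenceMatcher(None, norm_a, norm_b).ratio()
        if score >= threshold:
            findings.append((id_a, id_b, kind, round(score, 2)))
    return findings

if __name__ == "__main__":
    for id_a, id_b, kind, score in find_duplicate_identities(MEMBERS):
        print(f"review {id_a} / {id_b}: {kind} display names (score {score})")
```

A flagged pair is a prompt to verify both accounts with the contact through another channel, since two different people can legitimately share a name.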
The overarching advice from cybersecurity professionals is a sobering reminder of digital communication limits. As one military intelligence director pointed out, “Chat applications like Signal and WhatsApp, despite having end-to-end encryption, are not channels for classified, confidential, or sensitive information.” While these tools provide strong privacy from mass surveillance, they are not foolproof against determined, targeted attacks that manipulate human behavior. A detailed advisory has been published to help potential targets recognize these threats and secure their accounts.
(Source: HelpNet Security)





