Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn

Russian authorities hackers are targeting Signal and WhatsApp users, peculiarly authorities and subject officials, arsenic good arsenic journalists each implicit the world, Dutch quality said connected Monday.  

The Netherlands’ Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published details astir a “large-scale global” hacking run against Signal and WhatsApp users. The 2 agencies accused “Russian authorities actors” of utilizing phishing and societal engineering techniques — alternatively than malware — to instrumentality implicit accounts connected the 2 messaging apps. 

In the lawsuit of Signal, the hackers are masquerading arsenic the app’s enactment squad and messaging targets straight with warnings of suspicious activity, “a imaginable information leak,” oregon of attempts to entree the target’s backstage data. If the people falls for it, the hackers inquire for a verification codification sent via SMS — the hackers themselves petition this codification from Signal — arsenic good arsenic the targets’ PIN code. 

The hackers past usage the verification and PIN codes to registry a caller instrumentality with a caller telephone number, impersonate the target, and perchance entree their contacts, according to the report. Also, the people gets locked retired of their account, but tin re-register their number.  

“Because Signal stores the chat past locally connected the phone, a unfortunate tin regain entree to that past aft re‑registering. As a result, the unfortunate whitethorn presume that thing is wrong. The Dutch services privation to accent that this presumption could beryllium incorrect,” the study reads. 

Signal does not supply enactment straight done the app. And it’s important to enactment that, mostly speaking, erstwhile a idiosyncratic adds a caller instrumentality to their Signal account, the caller instrumentality does not person entree to erstwhile messages. 

Signal did not respond to a petition for comment.

Image: an illustration of a malicious Signal connection sent by the hackers, presently “the astir communal illustration of specified a connection and the method of relationship takeover.” (Image Credits: Netherlands’ General Intelligence and Security Services)

Hackers are besides trying to instrumentality targets connected some apps into scanning malicious QR codes oregon clicking connected malicious links. “For example, an histrion whitethorn nonstop a QR codification oregon nexus to a unfortunate to adhd them to a chat group, but this QR codification oregon nexus really links the actor’s instrumentality to the victim’s account,” the study explained. 

In the lawsuit of WhatsApp, the hackers are abusing the “Linked devices” function, which allows users to entree WhatsApp from a secondary instrumentality specified arsenic a laptop oregon a tablet. If the hackers successfully instrumentality their targets, — dissimilar with Signal — they tin perchance work past messages. And sometimes, the unfortunate whitethorn not recognize that they person granted entree to the hackers’ fixed that they don’t get logged retired of their account. 

WhatsApp suggests users to ne'er stock their six-digit codification with anyone.

Meta declined to remark astir the hacking campaign. 

The Dutch Ministry of Interior and Ministry of Defense did not respond to a petition for much accusation astir the hacking campaign. 

The Russian embassy successful Washington D.C. did not respond to a petition for comment. 

Some of the techniques highlighted by the Dutch quality services successful this study have been known to beryllium used by Russian authorities hackers successful the discourse of the warfare against Ukraine.