Signal and WhatsApp accounts targeted in phishing campaign

Russian state-sponsored hackers are orchestrating a widespread phishing campaign targeting Signal and WhatsApp accounts of high-profile individuals, including senior officials, military personnel, and journalists. The attackers exploit human vulnerabilities rather than technical ones, using social engineering tactics to deceive users into divulging sensitive information such as verification codes and PINs. By doing so, they gain unauthorized access to the targeted accounts without having to bypass the end-to-end encryption implemented by the messaging apps. The Dutch intelligence services AIVD and MIVD have issued warnings about this campaign, highlighting the effectiveness of phishing and social engineering methods in compromising even supposedly secure communication channels¹. This campaign's success underscores the importance of robust user education and awareness in preventing such attacks, as the attackers' methods can be applied to various platforms and environments, making it crucial for practitioners to reassess their security protocols.