The secure messaging app Signal, developed by Signal Messenger, has long been considered one of the safest communication tools available. Yet according to warnings from Dutch intelligence agencies AIVD and MIVD, even highly secure platforms can become entry points for cyber-espionage.

The problem is not encryption.

The problem is account takeover.

Dutch intelligence services have revealed that Russian state-linked hackers are running a large-scale cyber campaign targeting Signal and WhatsApp accounts belonging to government officials, diplomats, military personnel, and civil servants. The campaign has already affected Dutch government employees and may extend to journalists and other individuals of strategic interest.

The attacks demonstrate a critical reality of modern cyber conflict: sometimes the easiest way to access sensitive communications is not by breaking encryption but by impersonating the user.

The Strategy: Take the Account, Not the Algorithm

End-to-end encryption protects messages during transmission. This means that even if messages are intercepted, they cannot easily be decrypted.

However, if attackers gain control of a user’s account, encryption becomes irrelevant.

Once logged in, the attacker can simply read messages as they arrive.

According to the Dutch intelligence services, the campaign relies on several classic cyber-espionage techniques:

• phishing messages
• credential theft
• social engineering
• exploitation of legitimate platform features

One frequently observed method involves hackers pretending to be a Signal support chatbot.

In these messages, victims are asked to provide verification codes or PIN numbers supposedly needed to resolve an account issue. Once the victim shares the code, attackers can register the account on their own device and gain full access.

Another technique exploits the “linked devices” feature used by both Signal and WhatsApp. This feature allows users to connect additional devices to their accounts for convenience. In the hands of attackers, it becomes a tool for silent surveillance.

Why Governments Use Messaging Apps

Despite security concerns, messaging apps such as Signal and WhatsApp have become deeply integrated into daily communication for officials and government personnel.

Their advantages are obvious:

• strong encryption
• ease of use
• global availability
• independence from traditional telecom infrastructure

Signal, in particular, has built a reputation as a privacy-focused platform. Its open-source architecture and strong encryption standards have made it a trusted tool for activists, journalists, and government officials alike.

Ironically, this reputation makes it an attractive target for intelligence operations.

If sensitive conversations take place on a platform, gaining access to that platform becomes highly valuable.

Mapping Networks Through Compromised Accounts

Once attackers compromise an account, their access goes far beyond reading individual messages.

They can also:

• monitor group chats
• impersonate the victim
• identify communication partners
• map entire networks of contacts

This type of intelligence can reveal organizational structures, relationships, and operational discussions.

In intelligence terms, it allows attackers to build a communication map of a target organization.

Such insights can be just as valuable as the messages themselves.

The Human Factor in Cyber Warfare

One of the most important aspects of the campaign is that it does not rely on technical vulnerabilities in Signal or WhatsApp.

The apps themselves remain secure.

Instead, the attackers exploit human behavior and trust.

Social engineering has become one of the most powerful tools in modern cyber operations. Convincing a user to reveal a code or click a malicious link is often far easier than attempting to break advanced encryption algorithms.

As AIVD Director-General Simone Smit explained, the services themselves have not been compromised as platforms. Instead, individual accounts are being targeted.

A New Cyber Battlefield

Dutch intelligence officials emphasize that secure messaging platforms should not be used for classified or highly sensitive communications.

Even with strong encryption, the human element introduces risk.

The campaign highlights a broader shift in cyber conflict. Rather than attacking infrastructure or software vulnerabilities, modern cyber-espionage increasingly focuses on people and communication ecosystems.

In today’s digital battlefield, trust itself has become a strategic target.

Breaking encryption may be difficult.

But convincing someone to reveal a code can be surprisingly easy.

‍