European intelligence agencies have warned of a new cyber-espionage campaign linked to Russia that targets users of encrypted messaging platforms such as Signal and WhatsApp. According to Dutch authorities, the operation has already affected government officials, military personnel, and journalists in several countries.

Intelligence Warning from the Netherlands

The warning was issued jointly by the Netherlands’ General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD). In a public advisory released on March 9, 2026, the agencies said Russia-aligned hackers are attempting to infiltrate private messaging accounts to gain access to sensitive communications.

Officials say the attackers use social-engineering techniques to trick targets into handing over security credentials. In many cases, hackers impersonate a Signal support chatbot and ask victims to share verification codes or PIN numbers during a conversation. Once the code is revealed, attackers can take control of the account and read messages or join private group chats.

Another tactic involves abusing Signal’s “linked devices” feature, which allows the same account to be used on multiple devices. By convincing victims to scan malicious QR codes or approve a device connection, hackers can secretly link their own device to the target’s account and monitor conversations in real time.

Officials and Journalists Among Targets

Dutch intelligence agencies say the campaign has already affected multiple sectors, including government employees and journalists. Because encrypted messaging services are commonly used for confidential discussions, compromised accounts could expose sensitive information and internal communications.

Vice-Admiral Peter Reesink, head of the Dutch military intelligence service, warned that encrypted apps are increasingly becoming attractive targets for cyber espionage. He stressed that despite their strong encryption, such platforms should not be used to transmit classified or highly sensitive information.

Growing Pattern of Hybrid Cyber Operations

The incident fits into a broader pattern of cyber and hybrid activities attributed to Russia across Europe. Western intelligence agencies have repeatedly warned that cyberattacks, disinformation campaigns, and espionage are being used alongside traditional military strategies to influence political and security environments.

Cybersecurity experts note that targeting messaging platforms allows attackers to bypass encryption by manipulating users rather than breaking the technology itself. By gaining control of accounts, hackers can observe conversations, collect intelligence, and potentially spread misinformation within trusted networks.

Security Advice for Users

Authorities have urged users to take extra precautions when using messaging apps. Security guidelines include:

• Never share verification codes or PIN numbers with anyone.
• Be cautious of unexpected messages claiming to be from app support teams.
• Review connected devices regularly and remove unknown ones.
• Enable additional security features such as two-step verification.

Dutch officials say they are assisting affected users and monitoring the campaign as part of ongoing efforts to counter cyber threats targeting government and public institutions.