Russia-backed hackers penetrated the encrypted messaging apps Signal and WhatsApp to spy on government officials and journalists, according to a warning issued Monday by the Netherlands' intelligence service. The General Intelligence and Security Service identified the campaign as part of Russia's broader effort to intercept sensitive communications from Western targets. The breach marks a rare successful compromise of platforms widely considered among the most secure for digital communications.
The attackers exploited cloud backups rather than breaking the apps' end-to-end encryption, according to technical details released by Dutch investigators. When users back up their chats to Google Drive or iCloud, the encryption protections no longer apply, allowing hackers who compromise those cloud accounts to access message contents. The Netherlands' intelligence service confirmed that Russian operatives used credential stuffing and phishing to gain access to these backup repositories, then downloaded years of chat history from their targets.
The campaign targeted at least 12 Dutch government officials, including members of parliament and senior civil servants, along with four investigative journalists from major Dutch news organizations. One compromised journalist had correspondence with sources inside Russia's energy sector, while a foreign ministry official's chats included discussions about NATO supply routes. The hackers accessed photos, voice messages, and group chat discussions dating back to 2022, according to forensic analysis of the breached accounts.
Dutch intelligence linked the operation to the same Russian military intelligence unit responsible for the 2016 hack of the Democratic National Committee. The hackers deployed custom malware designed to automatically forward new WhatsApp messages to servers in Moldova and Kazakhstan, which then relayed the data to Moscow. Unlike previous campaigns that relied on fake login pages, this operation used legitimate cloud infrastructure to avoid detection, making the traffic appear as routine backup synchronization.
Security researchers say the breach exposes a critical vulnerability in how people use encrypted messaging apps: users assume their conversations disappear, when in fact those conversations leave permanent records. The Netherlands warning notes that even disappearing messages can be recovered from backups, and that group chats expose entire networks of contacts when one member gets compromised. Dutch officials confirmed that some victims had used encrypted apps specifically to avoid government surveillance, only to have their data accessed by a foreign power.
The hacked journalists have been advised to contact all sources from the past two years to warn them their conversations may be compromised, according to the Dutch Association of Journalists. Government officials who used personal devices for work communications face internal investigations, with at least one senior diplomat reassigned from sensitive negotiations. The Netherlands has begun requiring officials to use only government-issued phones for all work-related messaging, and is auditing whether classified information was discussed in compromised chats.
The Netherlands intelligence service recommends users disable cloud backups entirely in WhatsApp and Signal settings, or encrypt backups with passwords not stored online. Officials suggest treating messaging apps like phone calls: assume anything said could be recorded, regardless of encryption promises. For journalists and government workers, the breach means sources and contacts face potential exposure, with Dutch prosecutors already reviewing whether any compromised information constitutes state secrets that require formal damage assessments.