The AIVD and MIVD said the operation targeted senior officials, military staff and civil servants worldwide, as well as journalists. Dutch authorities said victims in the Netherlands had been informed, but did not disclose their number or identities.
The agencies said the attacks did not exploit technical flaws in the apps themselves, but instead relied on manipulating users. Hackers posed as, among others, Signal technical support and persuaded victims to hand over verification codes or PINs, or to scan QR codes.
That allowed attackers to take over an account or add their own device to an existing account, gaining access to correspondence, including group chats, the agencies said.
Dutch intelligence said similar tactics had been seen before from Russian groups. In 2023 and 2024, phishing attacks used invitations to chat groups, while in 2025 a campaign pushed Signal users to carry out a supposed account re-verification.
In February, German intelligence also warned of a similar campaign aimed at politicians, military personnel, diplomats and investigative journalists in Germany and other European countries.
The Dutch agencies advised users not to share confidential or classified information via messaging apps, to regularly check connected devices, ignore unsolicited group invitations and consider using disappearing messages.
(jh)
Source: PAP