New Delhi: A global cyber campaign targeting users of popular messaging platforms Signal and WhatsApp has been linked to Russian hackers, according to a recent report by a European intelligence agency. The campaign is believed to be primarily aimed at gaining access to the accounts of government officials, military personnel, diplomats, and journalists.
According to the report, the attackers are not exploiting technical vulnerabilities in the messaging applications themselves. Instead, they are using phishing techniques and social engineering tactics to trick users into sharing security verification codes and passcodes. Once these codes fall into the hands of the attackers, they can gain access to the victim’s accounts and associated group chats.
Verification codes obtained through phishing messages
Investigations have revealed that the attackers contact users through various chats or messages, attempting to convince them to share verification codes under the pretext of a technical issue, security update, or other seemingly legitimate reasons.
As soon as a user shares the code, the attackers can log into the account. This allows them to access private conversations, contact lists, and group chats linked to that account.
Cybersecurity experts say that in many cases, users may not immediately realize that their accounts have been taken over by someone else.
Messaging apps’ technical security remains intact
Following the reports, Signal acknowledged in a public statement that it is aware of targeted phishing attacks that have resulted in some account takeovers.
However, the company emphasized that its encryption systems and technical infrastructure have not been compromised. According to the company, the attackers did not exploit any technical flaws in the platform but instead manipulated users into sharing sensitive information.
Experts say that modern messaging platforms use strong encryption, which is why attackers often target human vulnerabilities rather than technical systems.
Focus on journalists and government officials
The report suggests that the cyber campaign may specifically target individuals connected to governments or sensitive institutions. These may include government employees, military officials, and journalists.
If attackers succeed in accessing such accounts, they may gain access to sensitive information, strategic discussions, and private communications.
Experts warn that such cyber operations are not limited to data theft. They may also be used for spreading misinformation or conducting digital espionage.
Cyberattacks as part of hybrid warfare
For many years, hacker groups linked to Russia have been involved in cyber operations around the world. Earlier, these attacks often focused on financially motivated crimes such as ransomware or online fraud.
However, since the war in Ukraine, the nature of these cyber activities appears to have shifted. Experts say cyber operations are increasingly being used for strategic and geopolitical objectives.
Several European countries have previously accused Russian-linked hacking networks of targeting critical digital infrastructure, election systems, and government institutions.
Rising threat of social engineering
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh says that in such cases, hackers often target people rather than technology.
According to him, “Today, cybercriminals frequently use social engineering and phishing techniques to obtain verification codes, passwords, or other sensitive information from users. Once they acquire this data, they can easily gain access to messaging accounts and private communications.”
He advised users never to share OTPs, verification codes, or passcodes with anyone, even if the person claims to be an employee of the company or someone familiar.
Vigilance remains the best defense
Cybersecurity experts say that users should remain cautious about unknown links, suspicious messages, and unexpected requests for security codes.
If anyone suspects unusual activity in their account, they should immediately change passwords, enable two-factor authentication, and report the issue to the platform. Awareness and digital vigilance remain the most effective protection against such cyber threats.
