Dutch intelligence services have issued a warning that hackers linked to the Russian government are targeting users of encrypted messaging apps Signal and WhatsApp, highlighting ongoing cyber risks to private communications and the devices used to access them.

Dutch intelligence agencies have warned that hackers associated with the Russian government are targeting users of the encrypted messaging applications Signal and WhatsApp, according to a notice issued on Monday.

The warning underscores that, while end-to-end encryption is designed to protect message content in transit, attackers may seek other ways to access communications, including compromising user accounts, devices, or the broader digital environment in which messaging apps operate.

The Dutch notice did not provide a public estimate of how many people may have been targeted, nor did it identify specific victims. It also did not detail the technical methods used in the activity it described. The agencies framed the threat as part of a broader pattern of state-linked cyber operations aimed at gaining access to sensitive information.

Signal and WhatsApp are widely used by journalists, civil society groups, government officials, businesses, and private individuals for secure communications. Both apps rely on end-to-end encryption by default for messages, meaning the service providers are generally not able to read the content of messages while they are being transmitted between users.

The Dutch warning focused on the risk to users rather than on any claim that the encryption protocols of the apps themselves had been broken. Cybersecurity specialists have long noted that attackers often attempt to bypass encryption by targeting endpoints, such as a user’s phone, computer, or account credentials, rather than attempting to defeat the cryptography protecting messages.

## What the Dutch warning says

The Dutch intelligence warning stated that Russian government hackers are targeting Signal and WhatsApp users. The notice was issued on Monday and presented as an alert to raise awareness of the threat.

The agencies did not publicly attribute the activity to a named hacking group, and they did not specify whether the targeting was focused on particular sectors such as government, defense, energy, media, or non-governmental organizations. The warning also did not indicate whether the activity was limited to the Netherlands or observed more broadly.

Dutch intelligence services have previously issued public advisories on cyber threats, including activity attributed to state actors. In this case, the agencies emphasized the risk to communications conducted through popular messaging platforms and the need for users and organizations to remain vigilant.

## Why encrypted apps can still be targeted

End-to-end encryption is intended to prevent third parties from reading messages as they travel between sender and recipient. However, encrypted messaging does not eliminate all avenues for attackers.

Common approaches used in cyber operations against messaging users can include attempts to steal account credentials, trick users into approving malicious logins, or compromise devices through malware. Attackers may also seek access to message backups, notifications displayed on locked screens, or linked devices that have weaker security controls.

Because messaging apps are often used on personal smartphones that also handle email, web browsing, and file downloads, a successful compromise of the device can provide access to communications without needing to break encryption. Security officials in multiple countries have repeatedly warned that state-linked actors often focus on these indirect methods.

The Dutch warning did not specify which of these techniques were observed in the activity it attributed to Russian government hackers. It also did not state whether the targeting involved broad campaigns or more selective efforts aimed at specific individuals.

## Implications for users and organizations

The Dutch advisory highlights the continued focus of state-linked cyber actors on communications platforms used for sensitive discussions. For organizations, the warning may prompt reviews of security practices around messaging, including how accounts are set up, how devices are managed, and how staff are trained to recognize suspicious activity.

For individual users, the warning serves as a reminder that secure messaging depends not only on encryption but also on account and device security. Measures commonly recommended by security agencies and cybersecurity professionals include using strong authentication methods where available, keeping operating systems and apps updated, limiting the use of linked devices, and being cautious about unexpected messages or prompts.

The Dutch intelligence services did not announce any new policy measures alongside the warning. They also did not indicate whether they had coordinated the advisory with other governments or with the companies behind Signal and WhatsApp.

The warning comes amid sustained international attention on cyber operations attributed to state actors, including efforts to obtain intelligence, influence decision-making, and access sensitive communications. Dutch authorities said the targeting of Signal and WhatsApp users should be treated as a serious risk, particularly for people whose work or roles make them attractive targets for espionage.