Kremlin hackers attempting to compromise Signal, WhatsApp accounts globally
Russian state hackers are carrying out a global campaign to compromise Signal and WhatsApp accounts belonging to government officials and military personnel, Dutch intelligence warned Monday.
In a public cybersecurity advisory, the Netherlands’ military intelligence service (MIVD) and domestic security agency (AIVD) said the operation is targeting dignitaries, civil servants and members of the armed forces.
Dutch government employees are among those whose accounts have already been compromised, the agencies said. They warned the campaign could also target journalists and others of interest to the Russian government.
The warning follows a series of Russian espionage campaigns uncovered by Western intelligence agencies targeting NATO governments, researchers and defense contractors.
The agencies stressed the attacks target individual accounts and do not indicate any breach of the messaging platforms themselves.
Signal and WhatsApp both use the Signal Protocol, an end-to-end encryption system widely regarded as the strongest available for protecting message content in transit. However, messages remain readable if an attacker gains access to a user’s device or account.
“It is not the case that Signal or WhatsApp as a whole have been compromised,” AIVD Director-General Simone Smit said in a statement. “Individual user accounts are being targeted.”
The advisory does not estimate how many victims there are and does not attribute the activity to a specific Russian intelligence agency or known hacking group. Instead of exploiting technical flaws, the campaign abuses legitimate security features in the apps and relies on social engineering, the agencies said.
Attackers typically impersonate customer support accounts and try to trick victims into sharing the verification codes or PINs needed to access their messaging accounts.
The hackers can trigger those codes by starting the normal registration process using the target’s phone number. Signal and WhatsApp automatically send a verification code to any number entered during account registration.
Posing as support staff, the attackers then claim the victim must share the code to secure or verify their account. If the victim provides it, the attacker can enter the code on their own device and take control of the account, allowing them to read messages and send messages while impersonating the victim.
Another method involves persuading users to scan malicious QR codes or click links that connect a hacker’s device to the victim’s account through the apps’ “linked devices” feature, giving attackers access to chats and message history.
The campaign builds on Russian cyber operations that have previously targeted messaging platforms used by officials, journalists and military personnel.
Google security researchers warned last year that Signal’s widespread use among Ukrainian soldiers, politicians and journalists had made it a frequent target for Russian espionage operations.
In one case, Russian military hackers linked Signal accounts from captured battlefield devices to their own systems for further exploitation.
The Dutch agencies warned users never to share verification codes, to avoid scanning unknown QR codes and to ignore messages claiming to be from Signal support.
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow at the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal on: AlexanderMartin.79



