Russian cyber-spies target UK and European officials via messaging apps
High-risk figures warned to exercise extreme caution when using WhatsApp, Signal and other third-party applications.
British and European intelligence agencies have warned that Russian digital espionage agents are attempting to spy on prominent government figures and other "high-risk" individuals through their messaging apps.
The UK National Cyber Security Centre (NCSC), part of GCHQ, warned that it has observed "growing malicious activity from Russia-based actors", reporting that adversaries are trying to crack into targets' WhatsApp, Messenger and Signal accounts.
Dutch and Portuguese spooks also sounded the alarm, although Portugal's Security Information Service stopped short of blaming Russia.
There is no suggestion that Moscow has backdoored or compromised these services during its clandestine cyberwar operations. The NCSC said its internet spies were using traditional techniques familiar from cybercrime to gain access to accounts, including:
- Tricking people into sharing login or account recovery codes.
- Adding a malicious device to your account.
- Quietly joining group chats.
- Impersonating someone you know.
- Phishing with malicious links or QR codes.
The agency has previously warned about the targeting of government officials by China's state-affiliated APT31, Russian Federal Security Service (FSB) actor Star Blizzard, and Iran's Islamic Revolutionary Guard Corps (IRGC). You can see a statement from Signal in the X post shared below.
We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.
— Signal (@signalapp) March 9, 2026
To be clear: Signal’s encryption and infrastructure have not been…
How to dodge Russian spies (and other threat actors)
The best way to stay safe is to avoid sharing important information on third-party apps.
"Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information," said Vice Admiral Peter Reesink, director of the Dutch military intelligence service.
The NCSC also offered these tips for staying safe:
- For work, use corporate messaging services and approved devices where possible, and follow organisational policies.
- Never share verification codes or scan unexpected QR codes.
- Enable two-step verification (called Registration Lock on Signal).
- Turn on passkeys where available (supported by WhatsApp and Signal).
- Regularly review linked devices, check group members, and remove or independently verify anyone you don’t recognise.
- Be alert to impersonation, duplicate contacts, and messages from unknown senders.
- On personal accounts, enable disappearing messages to limit exposure if an account is compromised—but ensure this aligns with any record-keeping requirements.
READ MORE: China’s Red Menshen “sleeper cell” spies caught hiding deep inside global telecoms networks
Adam Boynton, Senior Enterprise Strategy Manager at Jamf, said: "The NCSC’s warning is a reminder that messaging apps are only as secure as the device they sit on. Users often assume end-to-end encryption means end-to-end protection, but that’s not the case. If a device is compromised, or if a user is socially engineered into linking an attacker’s device to their account, encryption becomes irrelevant.
"For organisations with high-risk individuals, the lesson is clear: app-level security is not device-level security. Visibility into linked devices, enforced software updates, and ensuring sensitive communications happen on managed channels should already be baseline.
"The organisations best prepared for threats like these aren’t reacting to advisories - they’ve already built mobile security into their foundation."
Staying safe in a grim threat landscape
The NCSC specifically said that high-risk British people were at risk from Russian snooping, which includes everyone working in politics, from elected representatives amd candidates to activists and staffers, as well as people in academia, journalism and the legal sector.
It advised: "In a cyber security context, you are considered a high-risk individual if your work or public status means you have access to, or influence over, sensitive information that could be of interest to nation state actors.
"In recent years there have been a number of targeted cyber attacks against high-risk individuals in the UK, to attempt to gain access to their accounts and devices. This has resulted in the theft and publication of sensitive information, which can also cause reputational damage."
