Portuguese intelligence warns of global cyber espionage operation
Portugal’s Security and Intelligence Service (SIS) has issued a public warning regarding a sophisticated global hacking campaign aimed at compromising the encrypted messaging accounts of government officials, military personnel, and diplomats. The agency stated that foreign state-backed hackers are systematically attempting to gain access to WhatsApp and Signal accounts belonging to individuals with access to sensitive information from Portugal and allied nations. While the SIS did not attribute the campaign to a specific country, it urged heightened vigilance among potential targets.
Dutch agencies point to Russian involvement
This warning follows a similar alert published days earlier by Dutch intelligence services, which directly linked the operation to Russian hacking groups. The General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) of the Netherlands detailed that the hackers primarily use social engineering, posing as legitimate support chatbots to trick users into revealing security codes. This method grants the attackers access to personal accounts and private group chats containing sensitive discussions.
Technical methods exploit user trust
The operation’s techniques focus on manipulating human behaviour rather than breaching the applications’ encryption. A common tactic involves impersonating the ‘Signal Support’ chat bot to coax verification codes from targets. Another method exploits the ‘linked devices’ feature within Signal to gain unauthorised access. These approaches circumvent technical security measures by relying on deception, highlighting a significant shift towards targeted psychological manipulation in state-sponsored cyber espionage.
Strategic objectives of the campaign
Analysts assess that the campaign’s primary goal is intelligence gathering, aimed at understanding political alignments and informal communication channels within European governments and NATO. Access to private discussions among diplomats and officials could reveal positions on key issues such as support for Ukraine, sanctions policy, and military aid. Furthermore, intercepted communications could provide material for coercion, blackmail, or recruitment attempts against individuals in positions of influence.
European coordination against cyber threats
The synchronised warnings from Portuguese and Dutch services indicate improved intelligence sharing and a growing awareness of the cyber threat landscape at the EU level. This coordination is becoming a crucial component of collective European cybersecurity defence. The incident underscores that even the most secure communication platforms cannot guarantee safety if users neglect basic digital hygiene, making continuous security training for officials handling sensitive information critically important.
