Hackers Target WhatsApp and Signal Accounts of Officials in Global Cyber Campaign
A state-sponsored cyber campaign is underway, targeting WhatsApp and Signal accounts belonging to government officials, diplomats, military personnel, and others with access to sensitive information, according to alerts issued by Portuguese security services on March 11, 2026. The campaign, attributed to a foreign state, aims to gain access to confidential national and allied intelligence.
The Serviço de Informações de Segurança (SIS) warned that attackers are employing various methods to trick users into sharing sensitive data, such as passwords, potentially compromising their accounts on the popular messaging apps. Once access is gained, these actors could intercept conversations, access shared files, and launch further phishing attacks against contacts.
Despite the ongoing campaign, authorities emphasize that WhatsApp and Signal themselves have not been compromised. The SIS clarified that the vulnerability lies in potential user practices, as individuals may be less cautious despite relying on the apps’ encryption features for secure communication. This highlights the increasing sophistication of cyberattacks that target human behavior rather than platform vulnerabilities.
To mitigate the risk, the SIS recommends several security measures. Users should verify the authenticity of new contacts or interactions through alternative means, such as direct phone calls. Sharing account credentials or verification codes should be strictly avoided. The apply of QR codes should be limited to necessary situations initiated by the user, and security and privacy settings within the applications should be maximized.
Any suspicious activity should be reported to institutional cybersecurity units or through the official SIS portal. The alert from Portuguese security services underscores the growing threat landscape facing governments and organizations worldwide, as state-sponsored actors increasingly leverage cyberattacks for espionage and information gathering.
The campaign is reportedly global in scope, with implications for international relations and data security. Further details on the alert were initially reported by Correio da Manhã.
Expresso reports that Russian hackers are believed to be behind the effort.
CNN Portugal also covered the story, noting the SIS’s emphasis that the messaging apps themselves are not at fault.
