Russian state hackers are trying to gain access to large numbers of Signal and WhatsApp accounts belonging to senior officials, military personnel and civil servants worldwide, according to the Dutch intelligence services.

The AIVD and the military intelligence service MIVD said Dutch government employees have also been targeted and in some cases compromised as part of the campaign. Other people of interest to the Russian authorities, including journalists, may also be targets.

The hackers are attempting to trick users into revealing verification and PIN codes that allow them to take control of accounts. One common tactic is to pose as a Signal support chatbot in order to obtain the codes.

The hackers also make use of the “linked devices” function in Signal and WhatsApp, which allows additional devices to be connected to an account. Victims may not realise that their messages can then be read remotely.

Once an account has been compromised, hackers can read incoming messages and access conversations in group chats. The intelligence services say the campaign has probably already given the attackers access to sensitive information.

Signal in particular appears to be a major target because of its reputation as a secure communications platform. The app is widely used within governments because it offers end-to-end encrypted messaging designed to protect communications.

Nevertheless, the AIVD and MIVD services stress that encrypted messaging apps are not suitable for confidential government information. “Chat applications such as Signal and WhatsApp, even though they have end-to-end encryption, are not channels for classified, confidential or sensitive information,” said MIVD director vice-admiral Peter Reesink.

According to the intelligence agencies, the campaign relies on manipulating individual users. “It is not the case that Signal or WhatsApp as a whole have been compromised. The threat concerns the accounts of individual users,” said AIVD director-general Simone Smit.

The AIVD and MIVD have issued a cyber advisory warning about the attacks and explaining how users can recognise possible compromises. One sign is the appearance of duplicate accounts in chat groups with slightly different names, which may indicate that a hacked account has been replaced by a new one.

Users are also advised to watch for unfamiliar group members or accounts whose display names suddenly change, for example to “Deleted account”, which hackers sometimes use to avoid suspicion.