OrganisationNL

AIVD

Dutch General Intelligence and Security Service, which co-issued the joint advisory warning of state-linked QR-code attacks on Signal and WhatsApp.

Last refreshed: 17 April 2026 · Appears in 1 active topic

Key Question

Why are Dutch and UK intelligence agencies jointly warning about Signal QR codes?

Timeline for AIVD

#117 Apr

Co-issued advisory with NCSC on 9 March and 31 March 2026 on state-linked targeting of Signal and WhatsApp accounts

Cybersecurity: Threats and Defences: Signal, WhatsApp hit by three states

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

Why did Dutch intelligence warn about Signal attacks?: AIVD and the UK NCSC co-issued an advisory on 9 March 2026 warning that Russia's FSB, China's APT31 and Iran's IRGC are using malicious QR codes and contact impersonation to hijack Signal, WhatsApp and Messenger accounts of high-risk individuals.Source: AIVD / NCSC joint advisory
What is the AIVD?: AIVD is the Netherlands' General Intelligence and Security Service, responsible for domestic counterintelligence, counterterrorism and cyber threat assessment.

Background

AIVD co-issued a joint advisory with the UK NCSC on 9 March 2026 warning that state-linked actors, including Russia's FSB Star Blizzard, China's APT31 and Iran's IRGC, are using malicious QR codes and contact impersonation to compromise Signal, WhatsApp and Facebook Messenger accounts of politicians, journalists, academics and lawyers. Both agencies recommended passkeys and a device audit as mitigations.

AIVD, the Algemene Inlichtingen- en Veiligheidsdienst, is the Netherlands' domestic intelligence and security service responsible for counterintelligence, counterterrorism and cyber threat assessment. It publishes threat advisories in coordination with European and Five Eyes partners and has been particularly active on Russian and Chinese state actor attribution in recent years.

The joint NCSC-AIVD advisory is notable as a coordinated European counterintelligence response to a cross-border messaging-platform campaign rather than a national-level advisory. For Dutch and UK civil-society targets in the advisory's scope, the message from both agencies is that passkey adoption is now a state-security recommendation, not a convenience feature.

How the World Sees Them

UK NCSC

The joint advisory formalises intelligence sharing on a campaign NCSC had tracked separately; two agencies issuing together amplifies reach to the civil-society targets most at risk.

Netherlands Government

AIVD frames the messaging-app targeting as a cross-border civil-society threat requiring joint European response rather than unilateral national action.

EU intelligence community

Coordinated advisories from national intelligence services on non-espionage civil-society targeting are a relatively new format, reflecting an adversary shift toward soft-power influence operations.