29MAY

Signal, WhatsApp hit by three states

3 min read

14:17UTC

Russia's FSB, China's APT31 and Iran's IRGC are all running the same trade against journalists, lawyers and politicians. NCSC and Dutch AIVD advised passkeys plus a device audit.

← Back to GitHub's own code cloned via VS Code add-on Jump to analysis ↓

TechnologyAssessed

Key takeaway

Three state services converging on the same civil-society vector makes messaging-app compromise a standard intelligence technique.

The UK National Cyber Security Centre (NCSC) and the Dutch General Intelligence and Security Service (AIVD) issued joint advisories on 31 March and 9 March 2026 warning that state-linked actors are targeting the Signal, WhatsApp and Facebook Messenger accounts of politicians, journalists, academics and lawyers using malicious QR codes and contact impersonation ¹. The named clusters span three adversary states: Russia's Federal Security Service (FSB) running the operation known as Star Blizzard, China's APT31, and the Iranian Islamic Revolutionary Guard Corps (IRGC). A QR code linked in a message, scanned on a phone, can add an attacker's device as a linked Signal or WhatsApp session; contact impersonation through a spoofed voice or typed identity gets the target to send that QR on in the first place.

Three unrelated services arriving at the same attack vector is a tradecraft signal. Messaging apps have become the collection target because they now sit outside the corporate email perimeter where most monitoring lives. A journalist's Signal conversations with a source, a barrister's WhatsApp group with a client, a member of parliament's encrypted chat with a constituent, all carry the material that traditional lawful-intercept once got from telephone taps. The mitigation both agencies recommend, passkeys plus a device audit on every linked session, is specific and actionable in a way that generic state-threat advisories rarely are. A passkey is a cryptographic key bound to the user's device that replaces the password and cannot be phished; device audits on Signal and WhatsApp are done from the app's own "linked devices" menu.

Deep Analysis

In plain English

Signal and WhatsApp allow you to use your account on more than one device. If you get a new phone, for example, you scan a QR code to link it. This is a legitimate feature. Russian, Chinese, and Iranian intelligence services have been exploiting this feature by tricking politicians, lawyers, journalists, and academics into scanning malicious QR codes, linking the attacker's device to the target's account. The victim keeps using their messaging apps normally while the attacker can also read all their messages in real time. The UK's NCSC and the Dutch intelligence service AIVD issued a joint warning about this. The recommended defences are switching to passkeys instead of passwords and regularly checking the list of linked devices in your Signal and WhatsApp settings to remove any you do not recognise.

Deep Analysis

Root Causes

Signal and WhatsApp's legitimate multi-device feature allows a user to scan a QR code displayed by any additional device to link it as an authorised second client. Both platforms implemented this to compete with iMessage and other multi-device ecosystems. The feature has no built-in alert mechanism that clearly distinguishes a legitimate second-device link from a malicious one; the notification sent to the primary device is easily missed.

The target population that intelligence agencies are trying to protect (lawyers, journalists, politicians) is exactly the population least likely to have completed advanced security configuration (passkeys, linked-device auditing) on their personal messaging accounts, because their training is in their professional domain, not operational security.

What could happen next?

Risk
Malicious QR-code device-linking requires no technical exploit and no zero-day purchase; it scales to any actor with social engineering capability, which means the threat extends well below the nation-state tier.
Consequence
Signal and WhatsApp will face regulatory and civil-society pressure to implement more prominent linked-device notifications and audit logging following the NCSC-AIVD advisory, following the precedent of Apple's Lockdown Mode introduction after Pegasus exposure.

Source Landscape

This story draws on neutral-leaning sources

Primary parallel: The 2016 WhatsApp account compromise of Bahraini human rights activist Ahmed Mansoor, documented by Citizen Lab, which used an iOS zero-day to plant Pegasus rather than a messaging-app device-linking technique.

The QR-code linking approach documented in the 2026 NCSC-AIVD advisory requires no zero-day; it exploits a legitimate feature of Signal and WhatsApp (the ability to link a second device) through social engineering. The technical barrier to this attack is dramatically lower than the 2016 Pegasus model.

Counter-parallel: The 2022 Conti ransomware group's internal chat leak, via a Ukrainian researcher who joined the group and leaked its Jabber logs, demonstrated that even sophisticated threat actors are not immune to social-engineering approaches to messaging access. The attack documented in the NCSC-AIVD advisory inverts this: the sophisticated actor uses social engineering to access the communications of a non-technical target rather than the other way around.

Consensus view: Citizen Lab at the University of Toronto, which tracks state-sponsored targeting of civil society, documents that the shift from spearphishing email to messaging-app QR code and device-linking abuse reflects a calculated response by state actors to end-to-end encryption: rather than breaking the encryption, attackers add their own device as an authorised second device on the victim's Signal or WhatsApp account, gaining access to all future and recent messages without decrypting the transport layer.

Counter-view: The AIVD's public advisory focuses on Western civil-society targets, but Chinese cybersecurity firm Qi An Xin assessed in 2025 that FSB Star Blizzard and APT31 also conduct identical QR-linking operations against non-Western journalists and activists, particularly in Central Asian states and Hong Kong, and that the threat is not limited to NATO-adjacent targets as Western advisories imply.

Key tension: Whether passkeys plus device audit is a realistic mitigation for the non-technical target population (politicians, academics, lawyers) that these agencies are trying to protect, or whether the mitigation gap between technical recommendation and non-technical adoption will sustain the attack's effectiveness indefinitely.

Sources:NCSC UK

Mentions:NCSC →AIVD →FSB Star Blizzard →APT28 →Islamic Revolutionary Guard Corps (IRGC) →Meta →Facebook Messenger →Russia →China →Iran →Bahrain →NATO →Prima →Toronto →Intel →Hong Kong →FSB →

First Reported In

Update #1 · Stryker MDM wipe exposes identity perimeter

NCSC UK· 17 Apr 2026

Read original →

Causes and effects

This Event

Signal, WhatsApp hit by three states

Three unrelated state services converging on the same civil-society attack vector suggests messaging-app compromise has become a standard intelligence-collection method.

Led to

FIRESTARTER implant survives every Cisco firewall patch

NCSC FIRESTARTER advisory repeats the attribution-output pattern established by the NCSC APT28 advisory in ID:2548, using the same co-signed format.

Occurred 24 Apr 2026

Read story →

Different Perspectives

Google Threat Intelligence Group

GTIG's attribution of the GitHub breach extends UNC6780's documented arc from SAP npm through Cisco AI Defense to GitHub's own estate; its 36-hour LiteLLM exploitation set the speed benchmark CISA AA26-148A is designed to address. GTIG's published tracking gives defenders the actor profile needed to assess their own developer-toolchain exposure.

Enterprise security buyers / CISO community

For enterprise security leaders, two KEV AI-orchestration entries in three weeks (LiteLLM 8 May, Langflow 21 May) convert shadow AI tooling from a governance risk to a confirmed attack surface requiring immediate software asset inventory. The 65 per cent gap in enterprise AI tool inventories documented by Wiz Research is now a liability rather than a compliance footnote.

DSIT / UK Government

DSIT framed the £14.7 billion sector figure and the Cyber Resilience Pledge as a paired signal: commercial strength alongside supply-chain accountability, with £90 million targeting the NHS supplier exposure this briefing's threat events directly illustrate. The voluntary Pledge's enforceability gap, prior to the Cyber Security and Resilience Bill reaching Royal Assent, is the question its launch does not answer.

GitHub / Microsoft

GitHub confirmed that no customer repositories or user data were affected by the Nx Console breach, but acknowledged approximately 3,800 internal repositories were cloned and referred to CISA Alert AA26-148A's allow-listing guidance. The incident puts Microsoft in the position of operating a marketplace whose publisher-verification gap is now a documented attack vector in a federal advisory.

Tsinghua University Institute for International Strategic Studies

Beijing-aligned commentary rejects US attribution of PRC-nexus clusters (UNC2814, APT45, UAT-8616) as politically motivated framing, characterising the April sixteen-agency joint advisory as coordinated Western pressure rather than independent technical assessment.

Cisco

Cisco has not confirmed the UNC6780 breach scope beyond the named AI Defense and AI Assistant projects; GitHub confirmed an investigation. CVE-2026-20182 is the sixth Cisco SD-WAN KEV entry in 2026, reaching that milestone the same week UNC6780's source-code visibility into the portfolio became public.