Zali Steggall’s WhatsApp hacked in suspected Russian attack
Australian MP caught in global phishing wave
Independent federal MP Zali Steggall has revealed her WhatsApp account was hacked in March as part of a sophisticated phishing scheme believed to be orchestrated by Russian threat actors. The attack, which targeted her personal account, is part of a broader global campaign that has compromised messaging accounts of government officials, military personnel, and journalists worldwide.
Steggall confirmed the breach in a statement, noting that the hackers used deceptive tactics to gain access. While her office did not disclose specific details about the content accessed, the incident underscores the growing vulnerability of widely used messaging platforms to state-sponsored cyber espionage.
How the phishing campaign works
According to warnings from Dutch and German intelligence agencies, the attackers impersonate official support accounts on both Signal and WhatsApp. Victims receive messages that appear to come from platform security teams, warning of suspicious activity and urging immediate action—such as entering a verification code or scanning a QR code.
Dutch intelligence (AIVD/MIVD) described the campaign as a large-scale global effort by Russian state hackers targeting “dignitaries, military personnel and civil servants.” The attackers exploit legitimate features like the “linked devices” option, tricking users into granting access to their accounts without ever breaking the apps’ encryption.
Signal and WhatsApp encryption remains intact
Both messaging services have stressed that their underlying encryption has not been compromised. Signal issued a statement saying, “Signal’s encryption and infrastructure have not been compromised and remain robust.” Dutch officials echoed this, noting the campaign “does not exploit any technical vulnerabilities of the messaging services.”
Instead, the attacks rely on human error: users are duped into handing over security codes. This method is alarmingly effective, as seen in Steggall’s case and in Germany, where around 300 Signal accounts belonging to political figures were reportedly compromised.
Germany and the US confirm similar attacks
In Germany, federal prosecutors launched a preliminary investigation into cyberattacks on Signal accounts targeting high-ranking politicians, including two government ministers. German magazine Der Spiegel reported that victims received messages from a fake Signal security chatbot instructing them to enter a PIN or scan a QR code.
Meanwhile, US intelligence agencies warned in March that Russian hackers had breached thousands of accounts belonging to US government officials, military personnel, and journalists. The FBI alert described a campaign that impersonates official support accounts to lure victims into sharing sensitive information.
Who is at risk and how to protect yourself
While the campaign has primarily targeted government and military officials, journalists and other persons of interest to the Russian government are also at risk. The hackers’ goal is to infiltrate group chats and gain access to sensitive communications. The following steps reduce the risk:
- Never share verification codes: Legitimate platforms will never ask for your PIN or one-time code via chat.
- Enable two-factor authentication: Adds an extra layer of security beyond the standard verification.
- Beware of unsolicited support messages: If you receive a message claiming to be from Signal or WhatsApp support, independently verify through official channels.
- Check linked devices: Regularly review which devices are connected to your account and remove any you don’t recognize.
Sophisticated but preventable threats
Steggall’s hack is a stark reminder that even high-profile individuals are vulnerable to social engineering. While the technical defenses of apps like WhatsApp and Signal remain strong, the human element is the weakest link. As state-backed attackers refine their phishing lures, awareness and vigilance are the best countermeasures.
The global scale of this campaign—spanning Australia, Europe, and the US—signals a persistent threat that shows no signs of abating. For officials and everyday users alike, the message is clear: trust no unsolicited requests for your credentials, no matter how official they appear.