Lisbon, March 11, 2026 (Lusa) - The Portuguese Security Information Service (SIS) on Wednesday warned of a campaign promoted by a foreign state to gain access to WhatsApp and Signal account data belonging to ministers, diplomats and military personnel.
In a statement, the SIS explained that "the attackers seek to trick users of communication platforms into sharing sensitive data, such as passwords," allowing them to access individual and group conversations, files, "or even launch new phishing campaigns targeting users' contacts."
According to the SIS, this is "a global cyber campaign, sponsored by a foreign state, with the aim of gaining access to the WhatsApp and Signal accounts of ministers, diplomats, military personnel and others with access to confidential information of national origin, as well as from allied countries".
"This campaign does not mean that WhatsApp or Signal have been compromised, nor that the two platforms are vulnerable," added the SIS, since the aim is "to get users to perform actions that result in the breach of their accounts' security".
However, the Portuguese intelligence services did not reveal which foreign state was responsible for these cyber espionage operations.
According to the SIS, to give credibility to cyber attacks, "attackers are increasingly resorting to artificial intelligence tools" that allow them to assume other people's identities, institutional cover and even linguistic fluency.
"The attackers are simply exploiting the potentially less cautious use by users who trust the encryption tools of the two applications that have become popular as a secure means of communication," the statement reads.
The SIS also noted that these cyber espionage operations aim to obtain privileged information to be "subsequently used in favour of the foreign state".
The system recommends checking "the veracity of all new interactions and new contacts on WhatsApp and Signal."
Among other recommendations, it also asks that account credentials and verification codes not be shared, that unauthorised joining of conversation groups on these two platforms not be allowed, and that suspicious situations be reported to the authorities.
The Security Information Service justified the publication of this alert "so that the general public can be prepared for these attacks and know how to identify and respond to them."
RCV/AYLS // AYLS
Lusa
