NCSC warns of messaging app targeting

Summary

The UK National Cyber Security Centre (NCSC), together with international partners, has issued an alert about increased malicious activity by Russia-based actors targeting messaging apps such as WhatsApp, Messenger and Signal. The activity is focused on high-risk individuals — people whose roles or access make them attractive targets — and includes social engineering techniques designed to gain access to accounts or inject malicious participants into conversations.

Key Points

State-aligned and Russia-based actors are actively targeting messaging apps to compromise high-risk accounts.
Common attacker techniques include tricking users into revealing verification codes, adding unauthorised devices, joining group chats stealthily and impersonation.
Phishing via malicious links and QR codes is a highlighted vector — scanning unexpected QR codes is risky.
NCSC recommends not sharing sensitive information over messaging apps and using corporate channels for work-related communications where possible.
Enable two-step verification (Registration Lock on Signal) and use passkeys where supported (WhatsApp and Signal).
Regularly review linked devices, group membership and remove any unknown participants.
Use disappearing messages on personal accounts to limit retained data, bearing in mind any record-keeping needs.
NCSC links to further guidance for high-risk individuals and points to related advisories from Google and Microsoft.

Content summary

The alert explains that messaging apps remain a core part of everyday communication and are now being actively abused by sophisticated actors to target people who hold influence or access to sensitive information. The NCSC details the likely attacker behaviours and provides a straightforward set of mitigations to reduce account compromise risk. Those mitigations include both technical steps (two-step verification, passkeys, checking linked devices) and behavioural steps (avoid sharing verification codes, use corporate tools for work, beware of impersonations and unexpected QR codes).

The advisory is aimed at cyber security professionals, large organisations and public-sector staff but contains practical actions that individuals can follow to harden their personal accounts. It also references government guidance on non-corporate communications and posts from Google and Microsoft describing similar activity.

Context and relevance

This warning fits a broader trend of state-aligned actors targeting easy-to-exploit human and device pathways rather than solely relying on complex exploits. Messaging apps offer attackers a low-cost route to breach accounts and pivot into organisations or sensitive conversations. For organisations and security teams, the bulletin reinforces the need to treat messaging apps as an operational risk: apply policy, enforce safe device usage, and ensure staff at higher risk get tailored protection and monitoring.

For individuals, especially those in public roles or handling sensitive information, the guidance is timely — attackers are combining social engineering with device-level tricks (adding devices, QR-code lures) that many users do not routinely check for or recognise.

Author style

Punchy: this is a no-nonsense alert you should act on if you or your organisation uses mainstream messaging apps. It’s concise, practical and points straight to controls that materially reduce risk. Read the advice and apply the quick wins now.

Why should I read this?

If you use WhatsApp, Signal or Messenger and have anyone who relies on you — colleagues, clients or contacts with sensitive info — this is worth a couple of minutes. It tells you exactly what nasties to watch for and what quick settings to flip to stop someone sneaking into your chats.