German and allied security agencies have issued a fresh alert about a phishing campaign targeting users of the Signal messaging app, with Berlin attributing the operation to a Russian state-controlled cyber actor. The attacks have compromised accounts of lawmakers, civil servants, diplomats, military personnel, and journalists across the country.
A German government source told AFP that the federal government assumes the campaign was run from Russia. The attacks involve messages that appear to come from Signal support, asking targets to enter a PIN, open a link, or scan a QR code. Once successful, hackers gain access to messages, chat groups, photos, and files, and can impersonate the compromised user.
Scale of the Breach
While officials have not disclosed the exact number of affected individuals, local media estimate that at least 300 accounts belonging to political figures were compromised. Konstantin von Notz, a member of the Bundestag and deputy chief of the intelligence oversight committee, warned that the number of unreported cases is likely to rise. βAt present, no one can say with any certainty whether the integrity of MPs' communications is still guaranteed,β he told AFP.
The campaign has targeted not only high-profile politicians but also civil servants, diplomats, military personnel, and journalists. Many users had migrated from WhatsApp to Signal due to privacy concerns after WhatsApp announced it would share metadata with its parent company Meta.
Bundestag Debates Response
The Bundestag is now debating how to respond. Vice-President of the German Bundestag Andrea Lindholz (CSU) has rejected a blanket ban on using Signal, arguing that MPs should be free to make their own decisions. However, the question of restricting the desktop version of the app on Bundestag computers has been raised.
Germany has been a prime target for Russian cyberattacks, espionage, and sabotage since the full-scale invasion of Ukraine in 2022. As Ukraine's largest provider of military aid, Berlin has faced repeated digital incursions. This latest phishing campaign underscores the persistent threat to European political infrastructure.
The incident also highlights broader security concerns across the continent. European allies have increasingly warned about Russian cyber activities, from drone debris hitting Romanian towns to deadly overnight barrages in Ukraine. Meanwhile, Estonia has called for a lifetime Schengen ban on Russian soldiers, and the EU has approved new sanctions against Russia, though a maritime ban was delayed due to opposition from Greece and Malta.
As the investigation continues, German authorities urge all Signal users, especially those in sensitive positions, to remain vigilant and verify any unexpected requests for credentials.
