The German Federal Prosecutor’s Office has opened criminal proceedings on suspicion of espionage over a phishing campaign targeting high-profile users of the Signal messenger. Russia is the main suspect.
Der Spiegel reported on this.
According to the media, the attackers hacked accounts belonging to Federal Education Minister Karin Prien, Housing, Urban Development and Building Minister Verena Hubertz, and Bundestag President Julia Klöckner.
Government sources told the publication that “this attack probably originated from Russia.” They stated that all victims whose accounts were compromised were informed by the Federal Office for the Protection of the Constitution and the Federal Office for Information Security (BSI). The affected devices were checked, and the data leak was stopped.
The messages used in the attack were sent to government and parliamentary representatives, as well as political think tanks, journalists, intelligence officers, and military personnel. In total, about 300 Signal accounts of people in the political establishment were compromised in the phishing campaign.
According to preliminary investigation findings, the attackers were able to access chat histories in the messenger and files sent through it. They also gained access to contact data, including phone numbers stored in Signal. According to the federal government, such data may have been leaked.
As part of the campaign, users received messages allegedly from Signal support, labeled “SignalSecurity Support ChatBots,” claiming that someone was attempting to access “your private data in Signal.”
Recipients were instructed to scan a QR code. This linked another device under attacker control to the Signal account.
After that, attackers could read data from individual chats and groups for up to 45 days and monitor the compromised account in real time.
In March, the Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) of the Netherlands warned that Russian hackers were compromising accounts of Dutch military and government officials on WhatsApp and Signal to steal confidential information.
Dutch intelligence services emphasize that, despite encryption, these messengers are not secure channels for transmitting confidential or classified information.
The MIVD and AIVD also emphasize that Signal never contacts users via the messenger. Any message claiming to be from support is likely a phishing attempt.
In February, Germany’s Defense Ministry introduced strict restrictions on the use of private mobile devices within the department. Private phones, tablets, and smartwatches are banned from meetings where topics classified as “Confidential – for official use only” or higher are discussed.
