Germany Blames Russia for Signal Phishing Wave Targeting MPs and Officials
Germany Blames Russia for Signal Phishing Wave Targeting MPs and Officials
- Apple’s Native Linux Container Tool Has Arrived — But Can It Really Replace Docker?
- 60% of MD5 Password Hashes Can Be Cracked in Under an Hour with a Single GPU
- Dirty Frag: Root Access on Every Major Linux Distribution — No Patch, No Warning
- Proton Mail: Data Transferred to FBI Again!
- How Close Are Quantum Computers to Breaking RSA-2048?
- What is the best alternative to Microsoft Office?
Germany Blames Russia for
Signal Phishing Wave
Targeting MPs and Officials
A sophisticated social-engineering campaign compromised Signal accounts of hundreds of German politicians, ministers, and military personnel. Berlin has formally attributed the operation to Moscow.
Germany’s domestic intelligence service (BfV) warns that a large number of Signal group chats in the parliamentary sphere are currently being monitored by attackers “almost without being noticed.” All officials with Signal accounts on government-adjacent devices have been advised to enable linked-device auditing and revoke unrecognised sessions immediately.
German federal authorities have formally attributed a sweeping phishing campaign against Signal messaging accounts to Russia, after weeks of mounting evidence that state-level cyber actors infiltrated the private communications of parliamentarians, government ministers, military personnel, and journalists. The German government declared on Saturday that the operation was “presumably run from Russia,” marking one of Berlin’s most direct public attributions of a cyber-espionage campaign to Moscow in recent years.
Der Spiegel, the Hamburg-based investigative magazine that first exposed the extent of the operation, reported that at least 300 accounts belonging to senior political figures were compromised. German federal prosecutors confirmed on Friday that they had opened a formal espionage investigation, which had been quietly under way since mid-April.
- At least 300 Signal accounts of German political figures compromised
- Targets include MPs from nearly all parliamentary factions, ministers, military officers, diplomats, and journalists
- German government formally attributes campaign to Russia (April 25, 2026)
- Federal prosecutors opened espionage investigation in mid-April 2026
- NATO officials were also among those targeted across Europe
- Attack method: social engineering — no malware or technical exploit was used
- The BfV confirmed the phishing campaign has since been stopped
The scale of the breach alarmed legislators. Konstantin von Notz, deputy chief of the parliamentary intelligence oversight committee, told AFP on Friday that the situation was “extremely worrying,” adding that “at present, no one can say with any certainty whether the integrity of MPs’ communications is still guaranteed.” He warned that the number of unreported cases was likely to rise in the coming days.
“At present, no one can say with any certainty whether the integrity of MPs’ communications is still guaranteed.”— Konstantin von Notz, Deputy Chief, Parliamentary Intelligence Oversight Committee
Known Victims
| Name | Role | Status |
|---|---|---|
| Julia Klöckner | President of the Bundestag (Parliamentary Speaker) | Compromised |
| Karin Prien | Federal Minister of Education | Compromised |
| Verena Hubertz | Federal Minister of Construction | Compromised |
| Arndt Freytag von Loringhoven | Former BND (Intelligence) Vice President | Targeted |
| Friedrich Merz | Federal Chancellor | Not compromised |
| Multiple NATO officials | Various roles across member states | Targeted |
How the Attack Works
Unlike conventional cyberattacks that rely on software vulnerabilities, this campaign exploited Signal’s own legitimate security features through pure social engineering — making it particularly difficult for technical defences to detect or block.
Signal responded publicly, stressing that it will never ask users for account PINs or verification codes through messages or social media, and urging all users to audit their linked devices regularly and revoke any they do not recognise.
Broader European Context
The German incidents form part of a much wider pattern. Security agencies across Europe had been tracking a surge in Signal-based phishing attempts since late 2025, with comparable attacks reported in multiple NATO member states. Germany, which serves as Ukraine’s largest military aid donor in Europe, has been a particularly high-value target for Russian hybrid operations since Moscow’s full-scale invasion of Ukraine in February 2022.
In March 2026, former BND Vice President Arndt Freytag von Loringhoven — whose published work focuses specifically on Russian hybrid warfare tactics — was contacted by an attacker posing as Signal support and asked for his PIN. He quickly warned his contacts not to open any links sent from his account and deleted the compromised account entirely. Investigators believe he was identified as a high-value target precisely because of his expertise on Russian information operations.
The BfV noted that the same technique is theoretically applicable to WhatsApp and other messaging platforms that use device-linking features. Officials said the phishing campaign targeting Signal has now been stopped, though they declined to specify what technical or legal measures were used to do so.
“The federal government is assuming that the phishing campaign targeting the Signal messaging service was presumably run from Russia.”— German Government Spokesperson, April 25, 2026
Official Response
The German government moved quickly on multiple fronts. The BfV domestic intelligence agency and the BSI federal cybersecurity office issued a joint advisory briefing all Bundestag members. Chancellor Friedrich Merz was personally briefed by the BfV; an examination of his phone found no signs of compromise. A government spokesperson emphasised that official government communications — including those of the Chancellor and all federal ministers — are conducted exclusively through separately secured, government-managed channels rather than consumer applications like Signal.
Federal prosecutors confirmed they have been conducting a formal espionage investigation since mid-April 2026. While they declined to name suspects or specific targets publicly, the investigation is understood to cover the full extent of the known compromises.
Germany has a long history of being targeted by Russian state cyber actors. The most prominent prior incident occurred in 2015, when computers belonging to the Bundestag and the office of then-Chancellor Angela Merkel were breached in an operation later attributed to the GRU military intelligence unit.
This article is based on reporting by Der Spiegel, AFP, Reuters, and official statements from the German federal government, the BfV, and the BSI. All information reflects the state of knowledge as of 25 April 2026.
