German Government Attributes Signal Messenger Phishing Attacks to Russian Actors

The German government has identified Russia as the likely source behind a recent wave of phishing attacks targeting users of the Signal messenger app, including politicians, military personnel, and journalists. This attribution follows an investigation initiated after the Federal Prosecutor’s Office of Germany reported the cyber incidents.

Scope and Methodology of the Phishing Attacks

The attacks exploited social engineering tactics, with perpetrators impersonating Signal’s technical support staff to gain access to victims’ accounts. Once compromised, attackers used these accounts to infiltrate group and private chats, amplifying the breach by misleading contacts into further disclosing sensitive information or granting account access.

“The recent phishing attempts originating from Russia against German politicians and journalists serve as a warning for all sectors,” said Marc Henrichmann, chairman of the parliamentary oversight committee for intelligence services.

According to multiple media reports, nearly all parliamentary factions in the Bundestag, members of NATO and Bundeswehr forces, as well as prominent journalists, have been affected. Notably, high-profile victims include Federal Education Minister Karin Prien, Federal Construction Minister Verena Hubertz, and Bundestag President Julia Klöckner, a senior figure in the Christian Democratic Union (CDU).

Although Chancellor Friedrich Merz’s Signal account was reportedly targeted, German intelligence agencies found no evidence of compromise upon reviewing his device.

Government Response and Investigation

German security authorities have informed the victims and successfully halted further data leakage from compromised devices. Investigations are ongoing, with officials cautioning that the actual number of affected Signal users may be higher than currently known.

Government representatives have declined to comment in detail on internal communication security measures, citing the importance of preserving the integrity and confidentiality of both domestic and foreign communications.

Strategic Implications

This event highlights the increasing use of sophisticated cyber tactics by state actors to target high-ranking officials and critical communicative infrastructure. The attack reflects broader geopolitical tensions and underscores the urgent need for enhanced cybersecurity protocols within government and related sectors.

It also raises key questions regarding the resilience of encrypted communication platforms like Signal in the face of targeted espionage campaigns. Organizations and public institutions may need to reassess their operational security strategies and invest in more robust countermeasures to mitigate such threats.