German Federal Prosecutors Investigate Signal Phishing Campaign Targeting Politicians and Officials
Introduction
German federal prosecutors have started an investigation into a series of phishing attacks aimed at users of the Signal messaging app. The targets include high-ranking politicians, civil servants, diplomats, and journalists. The inquiry, announced on April 24, is based on initial suspicion of espionage.
Main Body
The investigation was launched by the German Federal Prosecutor's Office after reports of a coordinated phishing campaign. According to the prosecution service, the probe began in mid-April. The office did not give specific details about suspects or the full number of targets. However, media reports and statements from lawmakers show that the attacks have affected members of several political parties, including the Christian Democratic Union (CDU), the Social Democratic Party (SPD), and the Left Party (Die Linke). Notably, the Signal account of Bundestag President Julia Klöckner, a CDU member, was successfully hacked. An attempt to access the account of Chancellor Friedrich Merz was reportedly unsuccessful. The method of attack involves phishing messages that look like they come from Signal's support team, asking for sensitive account information. The attackers do not use malware or exploit technical weaknesses. Instead, they use the app's legitimate security features combined with social engineering to gain unauthorized access to individual and group chats, as well as contact lists. Once they have access, they can view shared files and photos and pretend to be the compromised user. The German domestic intelligence service (BfV) and the Federal Office for Information Security (BSI) have issued warnings about this campaign since early 2024. They note that it is still active and growing. Who is responsible for the attacks has been a topic of discussion. In March, Dutch intelligence services publicly identified Russian state actors as responsible. German authorities have not officially named a perpetrator, but suspicion has focused on Russia, which denies involvement. CDU lawmaker Marc Heinrichmann, who chairs the parliamentary committee overseeing intelligence services, described the phishing attempt as a 'wake-up call' and emphasized the need for alertness. Another CDU parliamentarian, Konstantin von Notz, expressed concern that the scale of the attacks raises questions about the security of parliamentary communications. The German government has stated that communications among the chancellor, ministers, and government officials are conducted via secure channels. This campaign takes place against a background of increased cyber and espionage activities targeting Germany, which has been a major military aid provider to Ukraine since Russia's full-scale invasion in 2022. German security services have previously accused hackers linked to Russian military intelligence of infiltrating internet routers and targeting air traffic control systems, as well as spreading disinformation ahead of the 2025 federal elections. The shift of many users from WhatsApp to Signal, driven by privacy concerns, may have expanded the potential attack surface.
Conclusion
The investigation into the Signal phishing campaign is ongoing. German authorities are working to determine the full extent of the compromise and identify those responsible. The incident highlights the persistent cybersecurity challenges facing German political and governmental institutions amid increased political tensions.