German Federal Prosecutors Investigate Signal Phishing Campaign Targeting Politicians and Officials

Introduction

German federal prosecutors have started an investigation into a series of phishing attacks aimed at users of the Signal messaging app. The targets include high-ranking politicians, civil servants, diplomats, and journalists. The inquiry, announced on April 24, is based on initial suspicion of espionage.

Main Body

The investigation was launched by the German Federal Prosecutor's Office after reports of a coordinated phishing campaign. According to the prosecution service, the probe began in mid-April. The office did not give specific details about suspects or the full number of targets. However, media reports and statements from lawmakers show that the attacks have affected members of several political parties, including the Christian Democratic Union (CDU), the Social Democratic Party (SPD), and the Left Party (Die Linke). Notably, the Signal account of Bundestag President Julia Klöckner, a CDU member, was successfully hacked. An attempt to access the account of Chancellor Friedrich Merz was reportedly unsuccessful. The method of attack involves phishing messages that look like they come from Signal's support team, asking for sensitive account information. The attackers do not use malware or exploit technical weaknesses. Instead, they use the app's legitimate security features combined with social engineering to gain unauthorized access to individual and group chats, as well as contact lists. Once they have access, they can view shared files and photos and pretend to be the compromised user. The German domestic intelligence service (BfV) and the Federal Office for Information Security (BSI) have issued warnings about this campaign since early 2024. They note that it is still active and growing. Who is responsible for the attacks has been a topic of discussion. In March, Dutch intelligence services publicly identified Russian state actors as responsible. German authorities have not officially named a perpetrator, but suspicion has focused on Russia, which denies involvement. CDU lawmaker Marc Heinrichmann, who chairs the parliamentary committee overseeing intelligence services, described the phishing attempt as a 'wake-up call' and emphasized the need for alertness. Another CDU parliamentarian, Konstantin von Notz, expressed concern that the scale of the attacks raises questions about the security of parliamentary communications. The German government has stated that communications among the chancellor, ministers, and government officials are conducted via secure channels. This campaign takes place against a background of increased cyber and espionage activities targeting Germany, which has been a major military aid provider to Ukraine since Russia's full-scale invasion in 2022. German security services have previously accused hackers linked to Russian military intelligence of infiltrating internet routers and targeting air traffic control systems, as well as spreading disinformation ahead of the 2025 federal elections. The shift of many users from WhatsApp to Signal, driven by privacy concerns, may have expanded the potential attack surface.

Conclusion

The investigation into the Signal phishing campaign is ongoing. German authorities are working to determine the full extent of the compromise and identify those responsible. The incident highlights the persistent cybersecurity challenges facing German political and governmental institutions amid increased political tensions.

Vocabulary Learning

alertness (n.)
the state of being watchful and ready to respond警覺性
Example:The lawmaker emphasized the need for alertness.
espionage (n.)
the practice of spying or using spies to obtain secret information間諜活動
Example:The inquiry is based on initial suspicion of espionage.
infiltrate (v.)
to secretly enter or gain access to a place or system滲透
Example:German security services have accused hackers of infiltrating internet routers.
phishing (n.)
a fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity網絡釣魚
Example:The attackers used phishing messages that look like they come from Signal's support team.
unauthorized (adj.)
not having official permission未經授權的
Example:They used social engineering to gain unauthorized access to individual and group chats.

Sentence Learning

The investigation was launched by the German Federal Prosecutor's Office after reports of a coordinated phishing campaign.
Passive Voice: The subject (investigation) receives the action (was launched) by the agent (German Federal Prosecutor's Office). Used to emphasize the action or when the agent is less important.被動語態:主語(調查)接受動作(被啟動),由施動者(德國聯邦檢察院)執行。用於強調動作或施動者不重要時。
The Signal account of Bundestag President Julia Klöckner, a CDU member, was successfully hacked.
Passive Voice with past tense: 'was successfully hacked' indicates the account was the target of hacking. The agent is omitted.被動語態過去式:'was successfully hacked' 表示帳戶被黑客攻擊,施動者省略。
The method of attack involves phishing messages that look like they come from Signal's support team, asking for sensitive account information.
Defining Relative Clause with 'that': 'that look like they come from Signal's support team' specifies which phishing messages. It is essential to identify the noun.限定性關係從句用'that':'that look like they come from Signal's support team' 具體說明是哪種釣魚信息,對名詞起限定作用。
CDU lawmaker Marc Heinrichmann, who chairs the parliamentary committee overseeing intelligence services, described the phishing attempt as a 'wake-up call'.
Non-defining Relative Clause with 'who': 'who chairs the parliamentary committee...' adds extra information about Marc Heinrichmann. It is set off by commas.非限定性關係從句用'who':'who chairs the parliamentary committee...' 提供關於 Marc Heinrichmann 的額外信息,用逗號分隔。
German authorities have not officially named a perpetrator, but suspicion has focused on Russia, which denies involvement.
Contrast using 'but': connects two contrasting ideas (not naming perpetrator vs suspicion on Russia). Also includes a relative clause 'which denies involvement'.用'but'表示對比:連接兩個對比的想法(未指名嫌疑人 vs 懷疑俄羅斯)。同時包含關係從句'which denies involvement'。