German Federal Prosecutors Investigate Signal Phishing Campaign Targeting Politicians and Officials

Apr 24, 2026, 15:38

Introduction

German federal prosecutors have initiated an investigation into a series of phishing attacks directed at users of the Signal messaging application, with high-ranking politicians, civil servants, diplomats, and journalists among the targets. The inquiry, announced on April 24, is based on preliminary suspicion of espionage.

Main Body

The investigation was launched by the German Federal Prosecutor's Office following reports of a coordinated phishing campaign. According to statements from the prosecution service, the probe began in mid-April. The office declined to provide specific details regarding suspects or the full extent of the targets. However, media reports and statements from lawmakers indicate that the attacks have affected members of several political parties, including the Christian Democratic Union (CDU), the Social Democratic Party (SPD), and the Left Party (Die Linke). Notably, the Signal account of Bundestag President Julia Klöckner, a CDU member, was successfully compromised. An attempt to access the account of Chancellor Friedrich Merz was reportedly unsuccessful. The method of attack involves phishing messages that appear to originate from Signal's support team, requesting sensitive account information. The attackers do not employ malware or exploit technical vulnerabilities; instead, they leverage the application's legitimate security features combined with social engineering to gain unauthorized access to individual and group chats, as well as contact lists. Once access is obtained, the perpetrators can view shared files and photos and impersonate the compromised user. The German domestic intelligence service (BfV) and the Federal Office for Information Security (BSI) have issued warnings about this campaign since early 2024, noting that it remains active and is gaining momentum. Attribution of the attacks has been a subject of discussion. Dutch intelligence services publicly identified Russian state actors as responsible in March. German authorities have not officially named a perpetrator, but suspicion has focused on Russia, which denies involvement. CDU lawmaker Marc Heinrichmann, who chairs the parliamentary committee overseeing intelligence services, described the phishing attempt as a "wake-up call" and emphasized the need for vigilance. Another CDU parliamentarian, Konstantin von Notz, expressed concern that the scale of the attacks raises questions about the integrity of parliamentary communications. The German government has stated that communications among the chancellor, ministers, and government officials are conducted via secure channels. The campaign occurs against a backdrop of increased cyber and espionage activities targeting Germany, which has been a major military aid provider to Ukraine since Russia's full-scale invasion in 2022. German security services have previously accused hackers linked to Russian military intelligence of infiltrating internet routers and targeting air traffic control systems, as well as spreading disinformation ahead of the 2025 federal elections. The shift of many users from WhatsApp to Signal, driven by privacy concerns, may have expanded the potential attack surface.

Conclusion

The investigation into the Signal phishing campaign is ongoing, with German authorities working to determine the full scope of the compromise and identify those responsible. The incident underscores persistent cybersecurity challenges facing German political and governmental institutions amid heightened geopolitical tensions.

Vocabulary Learning

attribution (n.)

the action of regarding something as being caused by a particular person or thing歸因；歸責

Example:Attribution of the attacks has been a subject of discussion.

compromise (v.)

to cause something to be vulnerable or to have its security breached入侵；攻破

Example:The Signal account of Bundestag President Julia Klöckner was successfully compromised.

espionage (n.)

the practice of spying or using spies to obtain secret information間諜活動

Example:The investigation was based on preliminary suspicion of espionage.

impersonate (v.)

to pretend to be another person for fraudulent purposes冒充；假冒

Example:Once access is obtained, the perpetrators can impersonate the compromised user.

leverage (v.)

to use something to maximum advantage, especially for a purpose利用；借助

Example:The attackers leverage the application's legitimate security features combined with social engineering.

Sentence Learning

The attackers do not employ malware or exploit technical vulnerabilities; instead, they leverage the application's legitimate security features combined with social engineering to gain unauthorized access to individual and group chats, as well as contact lists.

Semicolon and Parallel Structure: This sentence uses a semicolon to contrast two independent clauses, creating a balanced rhetorical effect. The second clause employs parallel verb phrases ('leverage... combined... to gain') and a complex noun phrase ('the application's legitimate security features combined with social engineering') to express a multi-step attack method.分號與平行結構：此句使用分號對比兩個獨立子句，營造平衡的修辭效果。第二子句運用平行動詞短語（「利用……結合……以獲取」）及複雜名詞短語（「應用程式的合法安全功能結合社交工程」）來表達多步驟的攻擊手法。

The German domestic intelligence service (BfV) and the Federal Office for Information Security (BSI) have issued warnings about this campaign since early 2024, noting that it remains active and is gaining momentum.

Participial Phrase: The sentence ends with a participial phrase ('noting that...') that provides additional information about the warning. This structure allows the writer to pack a subordinate clause into a compact, non-finite form, enhancing lexical density.分詞短語：句子以分詞短語（「指出……仍然活躍且正在增強」）結尾，提供關於警告的額外資訊。此結構讓作者將從屬子句壓縮成非限定形式，提升詞彙密度。

German authorities have not officially named a perpetrator, but suspicion has focused on Russia, which denies involvement.

Non-restrictive Relative Clause: The relative clause 'which denies involvement' is non-restrictive (set off by a comma) and adds extra information about Russia. This structure is typical of formal writing, allowing the author to insert commentary without disrupting the main clause.非限制性關係子句：關係子句「俄羅斯否認參與」是非限制性的（以逗號分隔），補充關於俄羅斯的額外資訊。此結構常見於正式寫作，讓作者在不打斷主要子句的情況下插入評論。

The campaign occurs against a backdrop of increased cyber and espionage activities targeting Germany, which has been a major military aid provider to Ukraine since Russia's full-scale invasion in 2022.

Relative Clause and Participial Phrase: The sentence contains a participial phrase ('targeting Germany') modifying 'activities', and a non-restrictive relative clause ('which has been...') modifying 'Germany'. This layering of modifiers creates a dense, information-rich structure typical of C2-level writing.關係子句與分詞短語：此句包含修飾「活動」的分詞短語（「針對德國」）以及修飾「德國」的非限制性關係子句（「自2022年俄羅斯全面入侵以來一直是……的主要軍事援助提供者」）。這種修飾語的層疊創造出資訊密集的結構，是C2等級寫作的典型特徵。

The investigation into the Signal phishing campaign is ongoing, with German authorities working to determine the full scope of the compromise and identify those responsible.

Absolute Construction with 'with': The phrase 'with German authorities working...' is an absolute construction that provides a concurrent circumstance. It uses a present participle ('working') and parallel infinitive phrases ('to determine... and identify...'), adding complexity without a finite verb.帶有「with」的絕對結構：短語「德國當局正在努力確定……並找出……」是絕對結構，提供同時發生的情況。它使用現在分詞（「努力」）和平行不定式短語（「確定……並找出……」），在無需限定動詞的情況下增加複雜性。