Germany has accused Russia of being behind a large-scale phishing campaign targeting lawmakers, senior government officials and other prominent figures through the encrypted messaging app Signal.
German and foreign security agencies have issued fresh warnings after discovering a sophisticated operation believed to have compromised hundreds of accounts. The campaign is thought to be the work of a state-backed cyber actor, with Berlin pointing to Moscow as the likely source.
“The federal government is assuming that the phishing campaign targeting the Signal messaging service was presumably run from Russia,” a German government source told AFP.
According to officials, the attackers used fraudulent messages disguised as communications from Signal’s support team. Recipients were prompted to enter a PIN, click on a malicious link or scan a QR code. Once access was granted, hackers could take control of the account, gaining entry to private messages, group chats, photos and shared files.
Cybersecurity experts warn that compromised accounts can also be used to impersonate victims, allowing attackers to spread misinformation or target additional contacts.
Although the government has not released an official figure, German media reports suggest that at least 300 accounts belonging to political figures may have been affected. Authorities expect that number to rise as more cases come to light.
“The number of unreported cases will continue to rise in the coming days,” said Konstantin von Notz, deputy chair of Germany’s parliamentary intelligence oversight committee. “At present, no one can say with any certainty whether the integrity of MPs’ communications is still guaranteed.”
The targets extended beyond politicians. Civil servants, diplomats, military personnel and journalists were also reportedly affected, highlighting the broad scope of the campaign.
Signal gained popularity among officials and privacy-conscious users after concerns emerged over WhatsApp’s data-sharing policies with its parent company, Meta. Its reputation for strong encryption made it a preferred platform for sensitive communications.
The incident has prompted urgent discussions in the Bundestag over digital security protocols. While some lawmakers have called for tighter controls, Bundestag Vice-President Andrea Lindholz has rejected proposals for a ban on Signal, arguing that members of parliament should retain the freedom to choose their communication tools.
Still, officials are considering restrictions on the desktop version of the app on parliamentary computers, citing potential security vulnerabilities.
Germany has faced an increasing number of cyberattacks, espionage attempts and suspected sabotage operations since Russia launched its full-scale invasion of Ukraine in 2022. Berlin has been one of Kyiv’s strongest supporters, providing substantial military and financial assistance.
Russia has repeatedly denied involvement in cyberattacks and other hostile actions across Europe. However, Western intelligence agencies have consistently linked Moscow to a range of digital and covert operations aimed at destabilizing governments and undermining support for Ukraine.
The latest incident is likely to intensify calls for stronger cybersecurity measures across Europe’s political institutions.