Overview
- Germany’s domestic intelligence service (BfV) and cybersecurity agency (BSI) issued a coordinated warning on February 9, assessing the campaign as ongoing and likely state-directed.
- The operation targets high-value profiles including politicians, diplomats, journalists, and military personnel, though any user could be affected.
- Messages impersonate Signal staff, claim suspicious activity, and prompt the recipient to confirm their identity with an SMS verification code or by scanning a QR code that is actually meant for device transfer or desktop linking.
- Successful takeovers let intruders read and send messages, view contact lists, and either lock victims out or maintain covert access without immediate detection.
- Authorities advise ignoring unsolicited support contacts, never sharing SMS codes, enabling Signal’s registration lock, scanning only self-initiated QR codes, and reviewing linked devices. They note that the method could also be applied to WhatsApp or Telegram.