Overview
- German officials said they suspect a Russian role in a coordinated phishing campaign that hijacked Signal accounts of politicians, military personnel, and journalists, though no formal attribution has been issued.
- Federal prosecutors have been running a preliminary investigation since mid-February into the account takeovers, which they are treating as a potential espionage offense.
- Attackers posed as a Signal security chatbot and pushed targets to enter a PIN or scan a QR code, which linked the victim’s account to an attacker’s device and let the intruders read chats and view contact lists.
- Der Spiegel reported that about 300 politically connected Signal accounts were compromised, and authorities have not released an official list of victims.
- Germany’s BfV and BSI warned in February that a state-controlled actor was likely behind the campaign, Dutch services in March tied similar activity to Russian state hackers targeting Signal and WhatsApp, and Moscow has denied spying.