Listen to the article
Germany Accuses Russia of Orchestrating Sophisticated Signal Phishing Campaign
German authorities believe Russia is behind an extensive phishing operation targeting Signal messaging accounts of high-ranking politicians, military personnel, and journalists, according to a government spokesperson. Federal prosecutors launched a preliminary investigation in mid-February 2026, examining what they suspect to be acts of foreign espionage.
While the German government has yet to formally attribute the attacks to Russia, the campaign aligns with a pattern of increased cyber aggression that Western officials have linked to Moscow since its full-scale invasion of Ukraine in February 2022.
Der Spiegel magazine reported approximately 300 Signal accounts belonging to individuals within Germany’s political sphere were compromised, citing governmental sources. Two cabinet ministers were reportedly among the targets, though official confirmation of specific victims remains unavailable.
The attackers employed sophisticated social engineering tactics to gain unauthorized access. According to Der Spiegel, targets received messages from what appeared to be a Signal security chatbot, warning of suspicious account activity and urging immediate action. Users who followed the instructions—entering PINs or scanning QR codes—unknowingly linked their accounts to devices controlled by the hackers.
This breach granted attackers comprehensive access to the victims’ communications, allowing them to read past conversations, monitor ongoing chats, and access contact lists and other sensitive data stored in the application.
Germany’s domestic intelligence service (BfV) and the federal cybersecurity authority (BSI) issued public warnings about the phishing campaign in February, describing it as “likely being carried out by a state-controlled cyber actor.” The German press agency dpa reported that authorities took the additional step of personally contacting several politicians to warn them about potential compromises.
The campaign appears to extend beyond German borders. In March, Dutch intelligence and security services alerted the public that “Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants.” The Dutch warning specifically mentioned that government employees in the Netherlands were targeted, and journalists may have also been compromised.
When approached for comment, the Russian embassy in Berlin did not respond to inquiries from the Associated Press. Moscow has consistently denied allegations of international espionage activities.
In what appears to be an unrelated but significant diplomatic development, German Ambassador to Russia Alexander Graf Lambsdorff was summoned to the Russian Foreign Ministry on Monday morning. According to dpa, the summons concerned alleged contacts between German politicians and terrorist organizations. No connection has been established between this diplomatic incident and the revelations about the Signal phishing attacks.
“I will, of course, comply with the summons. I consider it unlikely that the Russian side will be able to substantiate its accusations,” Lambsdorff stated before the meeting. Relations between Germany and Russia have deteriorated significantly in recent years, particularly following Russia’s invasion of Ukraine and subsequent sanctions imposed by Western nations.
This cyberattack campaign represents the latest chapter in an escalating digital conflict that security experts have described as “the new normal” in international relations. Signal, known for its end-to-end encryption and strong security features, has become increasingly popular among government officials and journalists handling sensitive information, making it an attractive target for state-sponsored hackers seeking intelligence.
Cybersecurity analysts suggest that such phishing campaigns highlight the growing sophistication of state actors who, rather than attempting to break encryption, exploit human vulnerabilities through social engineering tactics. The incident also underscores the critical importance of digital security awareness among high-ranking officials and the need for robust verification protocols even when using encrypted messaging platforms.
Fact Checker
Verify the accuracy of this article using The Disinformation Commission analysis and real-time sources.
9 Comments
The suspected Russian involvement in these Signal phishing attacks is concerning but not surprising given the geopolitical tensions. Protecting high-level communications should be a top national security objective for the German government.
Compromising the accounts of senior German officials through phishing tactics is a bold and troubling move, if the Russian government is indeed behind it. Robust cybersecurity protocols are essential to safeguarding sensitive information in the digital age.
While the details are still emerging, the scale of this phishing campaign targeting German politicians is alarming. I hope the investigation can shed more light on the attackers’ motives and methods to help prevent future incidents.
Yes, understanding the full scope and intent behind these attacks will be crucial for developing effective countermeasures. Cybersecurity remains a critical priority for governments worldwide.
This is a concerning development. Phishing attacks targeting high-level officials are a serious threat to national security. It’s crucial that the German government thoroughly investigates the origin of these attacks and takes necessary steps to protect its leaders and sensitive communications.
Phishing attacks targeting politicians and government officials pose serious risks to national security. The German authorities must thoroughly investigate the source of these Signal breaches and take all necessary measures to secure their communications channels.
Sophisticated social engineering tactics used in these Signal phishing attacks demonstrate the level of technical expertise behind them. It’s unsurprising that Russia is suspected, given their history of cyber aggression against Western nations. Robust cybersecurity measures are essential to mitigate such threats.
Agreed. The German government must work quickly to secure their communications channels and educate officials on recognizing phishing attempts.
While the details are still emerging, the reported scale of this phishing campaign against German political figures is alarming. I hope the investigation can uncover the full extent of the breach and the attackers’ motivations.