![\"\"\/](\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/user-icon.svg\"){kind=icon}
Pierluigi Paganini<\/a>\n\t\t\t\t\t\t\t
![\"\"\/](\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\"){kind=icon}
April 28, 2026<\/p>\n\t\t\t\t\t\t![\"\"\/](\"https:\/\/www.europesays.com\/germany\/wp-content\/uploads\/2026\/04\/1777391724_758_Bundestag.jpg\")
<\/p>\n
Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications.<\/p>\n
A new wave of cyber operations<\/a> targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via the Signal messaging platform<\/a>, with strong suspicions of Russian involvement.<\/p>\n According to multiple reports [1<\/a>, 2<\/a>, 3<\/a>], the campaign targeted high-profile individuals, including German politicians, ministers, military personnel, diplomats, and journalists. German prosecutors have launched an investigation into what they believe may be a coordinated espionage effort, with early evidence suggesting a state-sponsored actor. <\/p>\n The attack did not rely on malware or vulnerabilities in Signal itself. Instead, it exploited human trust\u2014arguably the weakest link in cybersecurity. Victims were approached through messages impersonating official Signal support or trusted contacts, prompting them to share authentication codes, scan malicious QR codes, or click on crafted links. Once compromised, attackers gained access to private chats, contact lists, and potentially sensitive political discussions. <\/p>\n One of the most notable targets was Julia Kl\u00f6ckner, whose account was reportedly compromised<\/a> through a phishing attempt embedded in what appeared to be a legitimate group chat linked to her political party. The operation also attempted to target German Chancellor Friedrich Merz, although no compromise was confirmed in that case. <\/p>\n Authorities estimate that hundreds of accounts may have been affected. While Berlin has not formally attributed the campaign, intelligence sources increasingly point toward Russian involvement, consistent with a broader pattern of cyber activities aimed at European democracies.<\/p>\n \u201cThe German government suspects Russia is behind a series of phishing attacks on Signal targeting high-ranking politicians, including two government ministers, military personnel and journalists, a government spokesperson said.<\/p>\n \u201cFederal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts, a spokesperson for the federal prosecutors confirmed on Saturday. Among other things, the investigation involves an initial suspicion of espionage, she added, without specifying which country might be involved.\u201d reads the report<\/a> published by the Associated Press.<\/p>\n \u201cThe German government has still not officially attributed the attacks to Russia.\u201d<\/p>\n This incident is not isolated. Over the past decade, Western intelligence agencies have repeatedly linked Russian state-backed groups to cyber espionage and influence operations targeting political institutions. These activities are part of a broader strategy often described as \u201chybrid warfare,\u201d where cyber operations, disinformation, and psychological tactics are combined to achieve geopolitical objectives without direct military confrontation. <\/p>\n Security experts stress that what makes this campaign particularly concerning is its simplicity and effectiveness. Instead of exploiting software flaws, attackers leveraged legitimate platform features and social engineering techniques. This approach allows them to bypass many traditional security controls and remain largely undetected.<\/p>\n We are witnessing a new phase of hybrid warfare, where attackers don\u2019t need to break encryption\u2014they just trick the user. The human factor has become the primary attack surface.\u201d<\/p>\n Targeting secure messaging platforms like Signal demonstrates how threat actors adapt quickly to changing communication habits. When politicians and officials move to more secure platforms, adversaries follow them. The battlefield is no longer the infrastructure, but the user.\u201d<\/p>\n Another critical aspect is the potential impact. Access to private conversations between political leaders, policymakers, and diplomats can provide strategic intelligence, enable blackmail, or support disinformation campaigns. Even limited breaches can undermine trust in secure communication tools and institutions.<\/p>\n German authorities, including the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI), have already issued warnings about similar tactics earlier this year. They highlighted that such campaigns are likely ongoing and could expand to other platforms like WhatsApp or Telegram. <\/p>\n The broader implication is clear: cybersecurity is no longer just a technical issue but a geopolitical one. As digital communication becomes central to governance, diplomacy, and decision-making, it also becomes a primary target for intelligence operations.<\/p>\n This campaign serves as a reminder that even the most secure technologies cannot protect against deception if users are not adequately trained and aware. In today\u2019s threat landscape, resilience depends not only on encryption and infrastructure but also on human vigilance.<\/p>\n Follow me on Twitter:\u00a0@securityaffairs<\/a>\u00a0and\u00a0Facebook<\/a>\u00a0and\u00a0Mastodon<\/a><\/p>\n Pierluigi\u00a0Paganini<\/a><\/p>\n (SecurityAffairs<\/a>\u00a0\u2013\u00a0German officials,\u00a0Bundestag<\/a>)<\/p>\n \t\t\t\t\t\t\t\t\t\t\t