Berlin on alert as suspected Russian cyber spies hack politicians through Signal app
Russian hackers have repeatedly targeted top German politicians, diplomats and military officers by trying to hack into their messaging app Signal through “phishing” attacks, top officials have said.
The cyber attackers appear to have posed as an AI tech support chatbot, asking the Signal users – including the president of Germany’s Bundestag – for their passwords and other sensitive account information.
They are then able to access messages, images and files shared on the app and impersonate the accounts’ owners.
Prosecutors launched an espionage investigation into the cyber attacks on Friday. The attacks had allegedly been directed at MPs from several parties, including Julia Klöckner, the Bundestag’s president.
The cyber attackers targeted their phones via the encrypted app, which is considered one of the most secure messaging platforms.
Mr Merz is said to have been in a Signal group chat affected by the attempted hack, but has not had his own account compromised.
The Signal accounts of Karin Prien, the education minister and Verena Hubertz, the construction minister, were attacked in the same way, it has been reported. Civil servants, diplomats and journalists were also targeted.
German government officials say Moscow is the prime suspect behind the phishing campaign.
“The federal government is assuming that the phishing campaign targeting the Signal messaging service was presumably run from Russia,” a government source said.
Germany, Ukraine’s biggest provider of military aid, has been battling a surge of cyber attacks, as well as espionage and sabotage plots since Russia’s full-scale invasion of the country in 2022.
German and foreign security services have been warning for months about the attacks, but the potential fallout is only just becoming clear.
At least 300 accounts belonging to political figures were compromised in the phishing campaign, according to German newspaper Der Spiegel.
Konstantin von Notz, an MP who is deputy chief of the intelligence oversight committee, said on Friday that the scale of the suspected attacks was “extremely worrying”.
“The number of unreported cases will continue to rise in the coming days,” he said. “At present, no one can say with any certainty whether the integrity of MPs’ communications is still guaranteed.”
The Dutch intelligence services warned last month that Russian hackers were posing as an AI tech-support chatbot that asked users of Signal and WhatsApp to reveal their passwords for the apps.
Peter Reesink, the director of the Netherlands’ military intelligence service, said: “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.”
In February, two German state agencies, the Federal Office for the Protection of the Constitution (BfV) and Federal Office for Information Security (BSI) issued a joint warning about the Signal phishing campaign.
“The focus is on high-ranking targets in politics, the military and diplomacy, as well as investigative journalists in Germany and Europe,” the agencies said. “Unauthorized access to messenger accounts not only allows access to confidential private communications but also potentially compromises entire networks.”
Russia denies being behind any such campaigns.
Signal is a popular encrypted messaging app that is known for its security and is widely used by politicians and civil servants around the world.
Last year, Pete Hegseth, the American defense secretary, was criticized for using the app to discuss a strike on the Houthis in Yemen.
A group chat featuring Mr Hegseth, JD Vance, the vice-president, and Mike Waltz, the then national security adviser, was later published by The Atlantic after Mr Waltz inadvertently added Jeffrey Goldberg, its editor-in-chief.
Germany has proven one of Russia’s main espionage, sabotage and cyber-attack targets since the war in Ukraine began in 2022.
In the past two years, suspected Russian spies have set fire to arms factories; caused travel chaos by flying drones over airports; and even plotted to assassinate Armin Papperger, the head of German tank producer Rheinmetall.
Berlin is the largest supplier of military aid to Kyiv, having overtaken the US earlier this year.
In December last year, Germany announced that spies from its foreign intelligence agency would be given powers to attack and sabotage enemies of the state for the first time, in a toughening of its security posture.
Researchers at Google Threat Intelligence Group have previously said that APT44, a hacking group that has been linked by the UK and US to Russia’s military intelligence agency, the GRU, had been seeking to gain access to Signal messages.
APT44, also known as Sandworm, is seen as one of Russia’s most dangerous cyber units. It has been linked to attacks on South Korea’s Winter Olympics, interference in US and French elections and targeting the Swiss laboratory investigating the poisoning of Sergei Skripal, a former Russian military intelligence officer who acted as a double agent for Britain’s intelligence services during the 1990s and early 2000s.
Another group, APT28, also known as Fancy Bear, is hijacking Wi-Fi systems to transfer state secrets to the Kremlin, according to British, German and US intelligence. The cyber gang, founded by the GRU is targeting commonly sold wireless routers to steal sensitive data, including on critical infrastructure in Europe.
‘Almost certainly’ Russia
The UK’s National Cyber Security Centre (NCSC), the BfV – the German equivalent of MI5 – and the FBI said Fancy Bear was “almost certainly” linked to Russian intelligence services and was targeting numerous TP-Link products.
Signal was approached for comment. It has previously said its “encryption and infrastructure have not been compromised” by the chatbot phishing campaign.
“To protect people from such phishing, Signal actively warns users against sharing their SMS code and PIN,” a spokesman for the company said in March. “We also want to emphasize that Signal support will never initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN.”

Editor-in-Chief
Read more similar news:
Comments:
comments powered by Disqus