Podcast Episode
The second method abuses Signal's legitimate device-linking feature. Attackers convince targets to scan a malicious QR code, which secretly pairs the victim's account with an attacker-controlled device. This grants silent access to messages, group chats, and contact lists for up to 45 days without alerting the victim.
Germany Warns of State-Backed Signal Phishing Targeting Top Officials and Journalists
February 8, 2026
Audio archived. Episodes older than 60 days are removed to save server storage. Story details remain below.
Germany's top security agencies have issued an urgent joint advisory about an ongoing state-backed phishing campaign using the Signal messaging app. The attacks target politicians, military officers, diplomats, and investigative journalists across Europe using social engineering rather than malware or software exploits.
German Security Agencies Sound the Alarm on Signal Phishing
Germany's Federal Office for the Protection of the Constitution (BfV) and Federal Office for Information Security (BSI) have published an urgent joint advisory warning of an ongoing phishing campaign targeting high-profile Signal users across Europe. The advisory, released on 6 February 2026, describes attacks by what authorities believe is a likely state-sponsored threat actor.Two Distinct Attack Methods
The campaign uses two approaches, neither of which involves malware or exploiting software vulnerabilities. In the first variant, attackers impersonate Signal support under names like "Signal Support" or "Signal Security ChatBot," sending urgent warnings about suspicious account activity. Victims are pressured into sharing their Signal PIN or SMS verification code, allowing attackers to register the account on their own device and lock out the legitimate user.The second method abuses Signal's legitimate device-linking feature. Attackers convince targets to scan a malicious QR code, which secretly pairs the victim's account with an attacker-controlled device. This grants silent access to messages, group chats, and contact lists for up to 45 days without alerting the victim.
Wide-Ranging Targets
The campaign has hit politicians, military officers, diplomats, and dozens of investigative journalists at major outlets including Die Zeit, Correctiv, and netzpolitik.org. Amnesty International's Security Lab confirmed that journalists, politicians, and civil society members across Germany and Europe have been targeted, with some incidents traced back to November 2025.Links to Russian Intelligence
While German authorities stopped short of naming a specific nation, the techniques closely mirror those documented in Russian cyber operations. In February 2025, Google's Threat Intelligence Group warned that multiple Russia-aligned groups, including the elite Sandworm unit, were exploiting Signal's linked devices feature to compromise Ukrainian military and government accounts.Recommended Protections
Authorities advise users to never respond to messages claiming to be from Signal support, enable Signal's Registration Lock feature, regularly audit linked devices, and never share PINs or verification codes. The BSI noted that similar attacks could also target WhatsApp users, since the app offers comparable device-linking functionality.Published February 8, 2026 at 1:25pm