The German government suspects Russia is behind a series of phishing attacks on the encrypted messaging platform Signal, targeting high-ranking politicians, military personnel, and journalists, a government spokesperson confirmed. The attacks, which came to light in February 2026, are under preliminary investigation by federal prosecutors on suspicion of espionage.
Scope of the attacks
Approximately 300 Signal accounts belonging to individuals in the political sphere were compromised, according to German magazine Der Spiegel, citing governmental sources. The victims included two government ministers, though their names have not been officially confirmed. The attackers used a fake Signal security chatbot that prompted users to enter a PIN or scan a QR code, thereby linking their accounts to an external device controlled by the hackers. This allowed the attackers to read past chats, monitor ongoing conversations, and access address books and other stored data.
Official warnings and response
In February 2026, Germany’s domestic intelligence service (BfV) and the federal cybersecurity authority (BSI) issued a public warning about the phishing campaign, describing it as “likely being carried out by a state-controlled cyber actor.” German authorities also personally contacted several politicians to alert them of potential compromises. The Russian embassy in Berlin did not respond to requests for comment, and Moscow has repeatedly denied engaging in espionage against other countries.
Separately, the German ambassador to Russia, Alexander Graf Lambsdorff, was summoned to the Russian Foreign Ministry on Monday morning over alleged contacts between German politicians and terrorist organizations, though no direct link to the Signal attacks has been established. Lambsdorff stated he would comply with the summons but considered it unlikely that Russia could substantiate its accusations.
Broader context
Germany and other European nations have faced increased cyberattacks and malign activities attributed to Russia since Moscow’s full-scale invasion of Ukraine in February 2022. In March 2026, Dutch intelligence and security services warned that “Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel, and civil servants.” Dutch government employees and journalists were among the potential targets.
The German government has not officially attributed the Signal attacks to Russia, but the investigation continues. Relations between Berlin and Moscow remain tense, with this incident further straining diplomatic ties.
