SecurityWeek

Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts.

The German government suspects Russia is behind a series of phishing attacks on Signal targeting high-ranking politicians, including two government ministers, military personnel and journalists, a government spokesperson said.

Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts, a spokesperson for the federal prosecutors confirmed on Saturday.

Among other things, the investigation involves an initial suspicion of espionage, she added, without specifying which country might be involved.

The German government has still not officially attributed the attacks to Russia.

Germany and other European countries have been under increased pressure from cyberattacks and other malign activity linked to Russia by Western officials since Moscow’s full-scale invasion of Ukraine in February 2022.

Around 300 Signal accounts belonging to individuals within the political sphere were compromised in the attacks, German magazine Der Spiegel reported, quoting governmental sources.

There is no official confirmation of the names of the victims.

According to Der Spiegel, the targeted users received messages from a fake Signal security chatbot that informed them of suspicious activity on their accounts and asked them to take immediate action. If the user followed the instructions, including entering a PIN or scanning a QR code, their Signal accounts were linked to an external device controlled by the hackers.

This allowed the attackers to read past chats, follow ongoing conversations and even see address books and other data stored by the users.

In February, Germany’s domestic intelligence service BfV and the federal cybersecurity authority BSI had issued a public warning about such a phishing campaign, saying it was “likely being carried out by a state-controlled cyber actor.” According to the German press agency dpa, German authorities also contacted several politicians personally to warn them such attacks may have happened.

In March, Dutch intelligence and security services also warned that “Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants.”

Targets include Dutch government employees, the Dutch authorities warned at the time, and journalists may also have been targeted.

The Russian embassy in Berlin did not respond to an AP request for comment. Moscow has repeatedly denied it is spying on other countries.

Alexander Graf Lambsdorff, the German ambassador to Russia, was summoned to the Russian Foreign Ministry on Monday morning, dpa reported, regarding alleged contacts between German politicians and terrorist organizations. No connection has been made between the summons and the German media revelations about the Signal phishing attacks.

“I will, of course, comply with the summons. I consider it unlikely that the Russian side will be able to substantiate its accusations,” Lambsdorff said in advance. Relations between the two countries have been tense for years.
