The beginning of 2026 has seen a new cyber threat emerge in Europe. German authorities have issued an alert regarding a sophisticated phishing campaign specifically targeting users of the encrypted messaging app Signal, focusing on institutional figures and professionals in sensitive positions.
On February 6, 2026, the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) of Germany issued a joint security warning. The alert concerns an ongoing phishing campaign targeting Signal accounts of politicians, military officers, diplomats, and investigative journalists in Germany and other European countries. The attacks use two main social engineering techniques: in some cases, malicious actors pose as Signal technical support members, requesting PIN or verification codes to complete the account theft; in others, they distribute malicious QR codes that, once scanned, link the attacker’s device to the victim’s account.
This campaign is particularly concerning for several reasons. Signal is considered one of the most secure messaging apps, often used for sensitive communications by government officials and journalists. Unauthorized access could allow attackers to read private and group conversations, as well as access victims’ contact lists. German agencies suspect that a state actor is behind this operation, suggesting possible espionage or intelligence gathering motivations. However, details about specific compromised accounts or the precise identity of the attackers have not been revealed at this time.
- To protect against this type of attack, Signal users should:
- Never share verification codes received via SMS, even with people who appear to represent official technical support
- Carefully verify the source of any QR code before scanning it
- Activate additional security features in the app, such as the registration PIN
- Regularly check devices connected to their account
- Key points to remember:
- A phishing campaign is targeting high-profile figures using Signal in Germany and Europe
- Techniques used include fraudulent requests for verification codes and the use of malicious QR codes
- State-sponsored actors are suspected to be involved, although no specific successful attacks have been revealed
Sources:
https://www.ctrlaltnod.com/news/state-hackers-target-european-officials-in-signal-takeover-campaign/
https://www.bleepingcomputer.com/news/security/germany-warns-of-signal-account-hijacking-targeting-senior-figures/
https://cyberinsider.com/germany-warns-of-signal-account-attacks-targeting-high-profile-figures/
Source: BleepingComputer