German Federal Prosecutor Opens Probe into Signal Phishing Campaign Targeting Politicians and NATO Officials
German prosecutors probe Signal phishing campaign that targeted MPs, journalists, military and NATO officials; agencies warn the attacks are still ongoing.
A federal criminal investigation has been launched into a suspected espionage operation carried out through a Signal phishing campaign that targeted German politicians, journalists and military personnel.
The Federal Public Prosecutor’s Office confirmed it took over the inquiry in mid-February, following public warnings from national security agencies.
Authorities say the operation appears to remain active and has expanded its list of targets, prompting fresh security bulletins.
Federal Prosecutor Opens Espionage Probe
A spokeswoman for the Federal Public Prosecutor’s Office told the German news agency that the office assumed responsibility for the case in mid-February.
The move elevates the matter to Germany’s highest criminal investigative authority and signals that the suspected activity is being treated as potential state-directed espionage.
BfV and BSI Issued Early Warnings
In February, the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) issued a joint public alert about a campaign using the Signal messaging platform.
The agencies described the activity as an ongoing cyber operation and later circulated detailed technical guidance after investigators identified specific targeting patterns.
Targets Include Bundestag Members, Journalists and NATO Officials
Reporting by German media indicates the phishing messages reached members of the Bundestag across almost all parliamentary groups.
Journalists, military personnel and officials connected to NATO were also identified among potential victims, broadening the investigation beyond domestic political figures to international security stakeholders.
Security Bulletin Points to State-Sponsored Actor
Official guidance circulated to relevant institutions assessed that the campaign was “likely” conducted by an electronic actor backed by a state, based on current indicators.
Investigators and security services have noted that the operation shows signs of persistence and escalation, prompting heightened vigilance within government and defence networks.
Phishing via Encrypted Messaging Raises New Concerns
Authorities say the attackers exploited the Signal messaging app to deliver socially engineered messages that aimed to compromise accounts or harvest sensitive information.
Because Signal is widely used for secure communications, the abuse of encrypted platforms for phishing complicates detection and response, according to cybersecurity specialists familiar with the case.
National and International Security Implications
The targeting of elected representatives and NATO-associated officials underscores potential ramifications for both domestic politics and alliance security.
Observers say successful compromises of accounts could expose sensitive communications, affect decision-making channels and strain diplomatic relations if state sponsorship is confirmed.
Investigative authorities are coordinating with Germany’s federal security agencies to map the campaign’s scope and to issue mitigation steps to affected institutions.
Both the BfV and BSI have provided technical recommendations to potential targets and are working to identify the infrastructure and origins of the phishing messages.
The federal investigation remains active, and security agencies have urged individuals in public office and related roles to follow the issued precautions and report suspicious communications promptly.
Officials emphasize that confirmation of who is behind the campaign will depend on forensic findings as the probe continues.