German Prosecutors Open Espionage Probe into Signal Phishing Campaign Targeting Lawmakers and NATO Officials
German prosecutors have opened an espionage investigation into a Signal phishing campaign that targeted politicians, journalists, military figures and NATO officials. The Signal phishing campaign is now being handled by the federal public prosecutor after initial warnings from Germany’s domestic intelligence and cybersecurity agencies. Authorities say the operation appears sophisticated and remains active, prompting fresh security bulletins and advice for potential targets. The probe aims to establish who stands behind the campaign and how widely systems and accounts have been compromised.
German Public Prosecutor Takes Lead
The federal public prosecutor in Germany took over the investigation in mid‑February amid growing concern about the Signal phishing campaign. A spokesperson for the office confirmed the case was elevated to the highest federal prosecutorial authority and that investigative work is under way. Prosecutors are coordinating with intelligence and cybersecurity bodies as they seek to determine whether criminal activity amounts to state‑level espionage. The decision to centralise the inquiry reflects the potential national‑security implications.
BfV and BSI Issued Early Warnings
Germany’s domestic intelligence service (BfV) and the Federal Office for Information Security (BSI) issued an initial public warning about the campaign in February. Those agencies said the attack chain exploited the encrypted messaging app Signal to deliver targeted phishing messages to prominent individuals. In a subsequent security bulletin released last week, both agencies provided more detailed mitigation steps for affected communities and for those at heightened risk. Officials emphasised vigilance and specific measures to harden accounts and devices.
Parliamentarians, Journalists and NATO Among Targets
Reporting has indicated that members of the Bundestag from nearly all parliamentary groups were among those targeted by the Signal phishing campaign. Media outlets also reported that journalists, military personnel and NATO officials were hit by the same operation, enlarging the scope beyond domestic political actors. The breadth of targets has intensified concerns about information theft and influence operations aimed at policy‑makers and defence institutions. Authorities are therefore treating the matter as both a criminal and an intelligence threat.
Indicators Point to State‑Backed Actor
Security briefings accompanying the warnings stated it is “likely” that a state‑backed entity is behind the campaign, according to the published bulletins. Current data suggests the operation remains active and may be gaining momentum, which has prompted the federal prosecutor to prioritise the case. Investigators are analysing technical artefacts, message provenance and behavioural patterns to attribute the activity while avoiding premature public attribution. The classification as potential state‑sponsored espionage raises the stakes for both legal response and diplomatic handling.
Modus Operandi and Technical Concerns
The campaign used Signal as the initial vector to engage high‑value targets, leveraging the app’s encrypted messaging to mask the phishing activity. Although Signal provides end‑to‑end encryption for message content, attackers can still attempt to compromise devices, trick recipients into revealing credentials, or deploy secondary exploits after initial contact. Cybersecurity agencies warned that the use of an encrypted platform can complicate detection and that metadata and account compromise remain realistic threats. Officials have urged organisations to review device hygiene, multi‑factor authentication, and incident response plans.
Investigative Coordination and Guidance for Officials
Federal prosecutors are working with BfV, BSI and other partners to collect forensic evidence, interview affected individuals and trace the operation’s infrastructure. The joint security bulletins included targeted guidance for politicians, diplomats, military personnel and journalists, recommending immediate steps to secure communications and report suspected compromises. Authorities also signalled they will share relevant findings with allied services to build a clearer picture of the campaign’s origin and objectives. Legal proceedings and potential criminal charges will depend on the evidence gathered during the probe.
The spread of the Signal phishing campaign underlines the evolving nature of espionage in the digital age, where encrypted platforms can be used by adversaries to reach decision‑makers directly. German investigators face technical and diplomatic challenges as they work to attribute responsibility and to protect institutions and individuals from further compromise. Continued cooperation among security agencies and transparent guidance to at‑risk communities will be central to containing the operation and reducing harm.