German Federal Prosecutor Probes Widespread Signal Phishing Targeting Top Politicians

Germany's Federal Prosecutor's Office in Karlsruhe has opened an investigation into a large-scale phishing campaign targeting Signal messenger users in German politics, media, and public administration, on suspicion of espionage. A spokeswoman for the authority confirmed the investigation to multiple news outlets on Friday, noting that proceedings were initiated as early as mid-February 2026, when German security services first issued public warnings about the attacks. Several members of the Bundestag have had their Signal accounts compromised in recent days, with confirmed cases spanning multiple parliamentary groups. The attacks do not exploit a technical vulnerability in Signal itself, but instead rely on social engineering: victims are deceived into believing they are being contacted by Signal support, after which attackers gain full access to their chats, groups, photos, and shared files. Once inside a compromised account, attackers can also impersonate the account holder within Signal.

Bundestag President among confirmed victims Bundestag President Julia Klöckner, a member of the CDU, was named by Der Spiegel as one of the affected politicians, a report that drew particular attention given her position as the highest-ranking official in the German parliament. The CDU parliamentary group declined to comment on the matter after Klöckner was identified. Spiegel also reported that Klöckner was a member of a Signal group chat belonging to the CDU federal executive board, which includes Chancellor Friedrich Merz. The federal government declined to address whether Merz's communications had been affected, stating it does not comment on the Chancellor's means of communication. The SPD parliamentary group confirmed on Thursday that "a few" of its members of parliament were affected, and the Left Party followed on Friday with a similar acknowledgment. Parliamentary manager Ina Latendorf confirmed to AFP that "a few" Left Party members of parliament had been compromised. The Greens and the AfD stated they had no knowledge of cases among their own representatives, while the Union faction made no statement.

Russia blamed as concern spreads through Berlin's political class Marc Henrichmann, chairman of the Parliamentary Control Panel in the Bundestag and a CDU member, attributed the attacks directly to Russia. „The latest phishing attempt from Russia against German politicians and journalists is a wake-up call for all of us” — Marc Henrichmann via AFP International news agencies had previously identified Russia as the origin of the phishing campaign, and foreign security services have also pointed to Russian involvement, according to reporting by stern.de. Konstantin von Notz, deputy chairman of the Parliamentary Oversight Panel and a Greens politician, warned that the scale of the breach was likely larger than currently known. „Whether the integrity of the communication of members of parliament is currently still guaranteed is something nobody can say with certainty at the moment” — Konstantin von Notz via AFP Von Notz described the dimension of the known Signal hack as "definitely very worrying" and said it must be assumed that the number of unreported cases would continue to rise in the coming days. German and foreign security services had been warning for months about the phishing wave targeting politicians, officials, diplomats, military personnel, and journalists.

No Signal ban planned, but desktop restrictions under review Bundestag Vice President Andrea Lindholz of the CSU ruled out a blanket ban on Signal for members of parliament, telling the news portal Politico that all members are ultimately free in their choices and "everyone can in principle do what they want." However, Lindholz indicated that authorities were examining whether restrictions might be placed on the use of Signal's desktop version on Bundestag computers. The extent to which the broader government apparatus may already be affected remained unclear as of Friday. The Federal Prosecutor's Office's decision to take over the investigation signals the seriousness with which German authorities are treating the matter, as the Karlsruhe office typically handles only cases with national security implications. The investigation was formally opened on suspicion of espionage, though no charges have been announced. Security services in Germany, the Netherlands, and the United States, including the FBI, had previously issued warnings about the phishing technique being used against Signal users.

Signal is an end-to-end encrypted messaging application widely used by politicians, journalists, and security-conscious users across Europe and North America. German federal authorities and parliamentarians have increasingly relied on encrypted messaging services for sensitive communications in recent years. The phishing technique used in this campaign — impersonating platform support to hijack accounts — does not require breaking Signal's encryption, making it particularly difficult to defend against through technical means alone.