Germany Warns of Signal Account Hijacking Attacks Targeting Politicians & Journalists
Germany’s intelligence agencies have warned of sophisticated phishing attacks abusing Signal’s legitimate features to spy on politicians, military officials, diplomats, and journalists across Europe—without using malware.
Germany’s domestic intelligence agency has issued a serious cybersecurity warning about suspected state-sponsored phishing attacks targeting high-ranking individuals via encrypted messaging apps like Signal.
The advisory was jointly released by the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) after observing multiple targeted campaigns across Germany and Europe.
What Makes These Attacks Dangerous
Unlike traditional cyberattacks, these campaigns:
- Use no malware
- Exploit no technical vulnerabilities
- Rely entirely on social engineering and legitimate app features
Attackers impersonate official Signal support accounts or automated chatbots to gain trust and create urgency.
Two Confirmed Attack Methods
1. Full Signal Account Takeover
In this method, attackers send fake security alerts pretending to be Signal support. Victims are tricked into sharing:
- Signal PIN
- SMS verification codes
Once obtained, attackers register the account on their own device, lock out the victim, and gain full access to messages and contacts.
2. Linked Device (QR Code) Espionage
Here, attackers convince the target to scan a QR code, abusing Signal’s legitimate linked device feature.
This silently pairs the victim’s account with the attacker’s device, allowing:
- Real-time chat monitoring
- Access to group chats
- Access to contact lists
Because the victim’s account continues to function normally, these attacks often go unnoticed.
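For defenders who already extract QR codes from inbound mail or chat attachments, the check below separates a device-linking code from an ordinary group invite or contact link. It is an added example, not part of the BfV/BSI advisory: the URI formats are assumptions based on how Signal clients encode these codes, the function names are hypothetical, and the sample payloads are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: device-linking QR codes carry a custom-scheme URI with "uuid" and
# "pub_key" parameters (sgnl://linkdevice?..., older clients tsdevice:/?...).
LINK_SCHEMES = {"sgnl", "tsdevice"}

def classify_qr_payload(payload: str) -> str:
    """Classify a decoded QR string: device-link, group-invite, contact or other."""
    url = urlsplit(payload.strip())
    scheme, host = url.scheme.lower(), (url.hostname or "").lower()
    params = parse_qs(url.query)  # blank values are dropped, so empty params do not count
    if scheme in LINK_SCHEMES and {"uuid", "pub_key"} <= params.keys():
        if scheme == "tsdevice" or host == "linkdevice":
            return "device-link"
    if scheme == "https" and host == "signal.group":
        return "group-invite"
    if scheme == "https" and host == "signal.me":
        return "contact"
    return "other"

def triage(items):
    """Return the sources whose QR code would link a new device to the scanner's account.

    A linking code is normally shown only by the user's own new device during
    setup, so one that arrives by chat, e-mail or web page deserves review.
    """
    return [src for src, payload in items if classify_qr_payload(payload) == "device-link"]

# Constructed sample input: (where the QR image was found, decoded payload).
SAMPLES = [
    ("chat: 'Signal Support' security alert", "sgnl://linkdevice?uuid=EXAMPLE-UUID&pub_key=EXAMPLEKEY%2Babc"),
    ("email: 'join our press group'", "SGNL://LinkDevice?pub_key=EXAMPLEKEY&uuid=EXAMPLE-UUID"),
    ("chat: colleague's group invite", "https://signal.group/#EXAMPLEGROUPDATA"),
    ("poster: contact card", "https://signal.me/#eu/EXAMPLE"),
    ("email: malformed", "sgnl://linkdevice?uuid=&pub_key="),
]

if __name__ == "__main__":
    for source in triage(SAMPLES):
        print("REVIEW:", source)
```

The input is the already-decoded QR text; decoding the image itself is left to whatever scanner the mail or chat gateway uses.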
Who Is Being Targeted
According to German authorities, the primary targets include:
- Politicians
- Military officers
- Diplomats
- Investigative journalists
Security researchers note that similar techniques were previously used by Russian state-aligned threat groups and later adopted by cybercriminals for scams and fraud.
Platforms at Risk
While attacks were confirmed on Signal, authorities warn that WhatsApp and other messaging apps with multi-device support could be abused using the same technique.
How to Protect Yourself
German authorities strongly recommend:
- Never responding to support messages inside Signal or WhatsApp
- Blocking and reporting suspicious accounts immediately
- Enabling Signal Registration Lock (Settings → Account)
- Regularly reviewing Settings → Linked Devices
- Removing any unknown or suspicious devices
Signal has confirmed that it never contacts users directly via messages.
Final Thoughts
This campaign highlights a growing trend where attackers bypass technical defenses by exploiting human trust and built-in app features. Even the most secure messaging platforms can be compromised if users are tricked into giving access.
Staying alert, verifying requests, and reviewing linked devices regularly are now essential steps for digital security.