Russia behind Signal phishing campaign that compromised Bundestag President Julia Klöckner - 300+ German officials affected

Der Spiegel reported on April 25 that German government sources now blame Russia for a large-scale Signal phishing campaign that compromised the account of Bundestag President Julia Klöckner. At least 300 Signal accounts of German political figures were targeted; investigators say attackers accessed chat histories, files, and phone numbers. Chancellor Friedrich Merz was in the same CDU group chat as Klöckner but his device showed no signs of compromise. The attack used pure social engineering - operators posed as Signal support and asked victims to share verification codes or PINs.

Check

Brief executives, board members, and political-staff who use Signal that anyone messaging them claiming to be 'Signal support' is hostile - Signal never asks for codes by message.

Affected

Signal users in any role attractive to a state intelligence service: politicians, military, diplomats, defense contractors, investigative journalists, NGOs working on Russia or Ukraine, and the executives and assistants of all of the above. The attack works by tricking users into sharing codes - it does not exploit a Signal flaw.

Fix

Train high-risk staff that Signal will never ask for verification codes via message. Enable Signal's Registration Lock PIN. Periodically check Linked Devices and remove anything unfamiliar. Add detection for Signal phishing pages on perimeter URL filters and add Signal account-takeover scenarios to your tabletop catalogue.