**State-Backed Phishing Attacks Target Military Officials and Journalists on Signal**
German authorities warn of a sophisticated phishing campaign targeting senior politicians, military officials, diplomats, and investigative journalists across Germany and Europe via Signal.
The alert, issued by the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI), indicates that the attacks are likely perpetrated by a state-controlled cyber actor. However, non-state actors and financially motivated cybercriminals can also exploit this approach.
How the Attacks Work
The attackers pose as official Signal support, using names such as "Signal Support" or "Signal Security ChatBot." They send messages to their targets, claiming there is a security problem that requires urgent attention. The message often includes a request for a security PIN or a one-time verification code, which the attacker claims will prevent data loss and unauthorized access.
However, if the victim complies with this request, they inadvertently hand over control of their account to the attacker. This allows the attacker to register the account on a device under their control and effectively take it over. The attacker can then read messages, monitor conversations, and even send messages while pretending to be the victim.
The alert also describes a second variant of the attack, in which the attacker tries to convince the target to scan a QR code, supposedly for a legitimate reason. In reality, the code links an additional device to the victim's account, giving the attacker ongoing access to private chats and group conversations.
Consequences of Successful Attacks
The authorities warn that successful access to messenger accounts can expose sensitive discussions, map out entire professional networks, and facilitate further intelligence-gathering or criminal activities. The attackers can also compromise entire networks via group chats, reconstruct sensitive contact structures, and send messages while pretending to be the victim.
Protecting Yourself from These Attacks
The German authorities advise Signal users not to respond to messages from supposed support accounts and to block and report them immediately. They also recommend enabling account protection features such as registration locks and regularly reviewing devices connected to their accounts (Settings > Linked Devices).
If you suspect or know that you have been targeted, contact the authorities for assistance. Remember to never share PINs or one-time verification codes via messages.