The Federal Public Prosecutor’s Office in Karlsruhe has launched an investigation into an ongoing phishing campaign targeting users of the messaging application Signal. According to statements from the agency, the probe concerns suspicions of intelligence agent activity, specifically espionage.
The seriousness of the breach was highlighted Tuesday, when it was reported that the Signal account belonging to Bundestag President Julia Klöckner (CDU) was successfully compromised by the attackers. This event is considered highly significant because Klöckner also serves as a member of the CDU executive committee, and other members and key figures of the party group, including Chancellor Friedrich Merz, also communicate via Signal.
While employees from the Federal Office for the Protection of the Constitution (BfV) personally visited the Chancellor regarding the matter, the Signal account used by Merz reportedly showed no signs of irregularity, unlike the situation with the Bundestag President.
The investigations in Karlsruhe have reportedly been ongoing since mid-February. At that time, both the BfV and the Federal Office for Information Security first issued a public warning about the ongoing phishing campaign. A recent urgent warning letter addressed to the faction leaders of parties represented in the Bundestag stated that the BfV was already aware of “numerous high-profile cases”. Furthermore, it warned that the actual number of victims is likely much higher.
In addition to high-ranking politicians, business people, and well-known journalists, sources indicate that military personnel affiliated with NATO have also been affected. Citing “military circles”, the report notes that Signal accounts belonging to NATO members were briefly taken over by the attackers on private phones by the end of 2025. However, these affected military individuals were reportedly not Bundeswehr members.
The military community was already warned about the scheme by the Military Counterintelligence Service (MAD), which is responsible for espionage defense within the Bundeswehr, on January 6. Furthermore, Dutch intelligence services had previously held Russian state actors responsible for the current wave of attacks in March.



