A phishing campaign targeting users of the messaging service Signal has reportedly reached the highest levels of the German federal government. According to the newspaper “Spiegel”, prominent federal cabinet members are affected, specifically Minister of Education Karin Prien (CDU) and Minister of Building Verena Hubertz (SPD), whose Signal accounts are believed to have been compromised.
This confirms the widening scope of the attack wave. Earlier this week, “Spiegel” had already revealed that Bundestag President Julia Klöckner was a victim of the campaign. Klöckner, who holds the second-highest office in the state and is a member of the CDU executive committee, was previously known to communicate via a Signal group chat that included Federal Chancellor Friedrich Merz.
The inclusion of both Hubertz and Prien marks the first time cabinet ministers have been reported as suspected victims of the phishing attack.
When approached for comment, the spokespersons for both ministers maintained strict confidentiality. Prien’s representative stated that they could not provide information regarding the government’s communication methods. Similarly, Hubertz’s spokesperson emphasized that the ministry adheres to clear principles regarding the integrity and security of internal and external communications, stating that they generally do not comment on potential or actual security incidents.
The Special Prosecutor, Jens Rommel, has been investigating the ongoing international phishing campaign targeting Signal users since February. While the specific extent of the Chancellor’s involvement remains unclear, the Deputy Government Spokesman, Sebastian Hille, declined to comment on the specific manner or means of communication within the federal government. However, Hille reassured the public that communication among the federal government, the Chancellor, and the ministers always takes place via secure channels.
Current findings from the Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution (BfV) indicate that a “likely state-sponsored cyber actor” is conducting these phishing attacks through messaging services, particularly Signal. The campaign’s targets focus on high-ranking figures in politics, the military, and diplomacy, alongside investigative journalists in Germany.