Germany warns of state-linked phishing campaign targeting journalists, government officials

Steven

Germany warns of state-linked phishing campaign targeting journalists, government officials

Summary

Germany’s domestic intelligence agency (BfV) and the federal cybersecurity office (BSI) have issued a joint advisory warning of a suspected state-controlled phishing campaign that uses messaging apps — primarily Signal — to target senior political, military and diplomatic figures, as well as investigative journalists across Europe. Attackers aim to gain persistent access to private messaging accounts to monitor confidential communications and potentially compromise wider networks.

Key Points

  • Targets include senior political, military and diplomatic officials and investigative journalists across Europe.
  • Campaign relies on social engineering rather than malware, abusing legitimate messaging features.
  • Two main tactics: impersonating support/bot messages to obtain PINs or SMS codes, and persuading victims to scan QR codes that link their account to an attacker-controlled device.
  • Signal is the current focus, but methods could be applied to other platforms with similar device-linking features such as WhatsApp.
  • Germany did not name a specific actor but said the profile of targets and technique suggests a state-controlled cyber actor; techniques could also be replicated by cybercriminals.

Content summary

The advisory says attackers impersonate official support teams or automated chatbots, sending urgent messages that claim private data is at risk and request security PINs or SMS verification codes. In the QR-code variant, victims are tricked into linking their account to a device controlled by the attacker, giving ongoing access to contact lists, recent message history and future communications. The piece also notes previous research showing Signal’s popularity among military, government and journalistic users makes it a high-value espionage target, citing prior campaigns tied to Russian state-backed actors. Signal did not comment for the story.

Context and relevance

As secure messaging becomes standard for sensitive communication, attackers have shifted from exploiting software flaws to exploiting human trust and legitimate app features. This advisory underlines a wider trend: threat actors prefer lightweight, reliable social-engineering techniques that bypass technical defences. For journalists, diplomats and officials the risk is both loss of confidentiality and a stepping stone to broader network compromise — so it matters for press freedom, national security and incident response teams.

Why should I read this?

Because if you use Signal (or talk to people who do) this is exactly the kind of sneaky trick that’ll let attackers read your messages without installing malware. It’s clever, low-effort social engineering using built-in app features — and that makes it easier to fall for. Read this to know what to watch out for and stop the simple stuff before it becomes a big leak.

Author style

Punchy — the reporting highlights a clear, present threat and why the details matter. Given the likely state-level targeting, the article makes a strong case to read the full advisory and act: don’t shrug this off as ‘just another phishing attempt’.

Source

Source: https://therecord.media/germany-warns-phishing-campaign-signal-gov-officials-journalists