BERLIN – The German government is pointing fingers at Russia as the likely culprit behind a series of phishing attacks targeting Signal accounts of high-profile individuals, including two government ministers, military officials, and journalists, according to a government spokesperson.
Federal prosecutors have been investigating these alleged cyber intrusions since mid-February 2026. A spokesperson confirmed on Saturday that the investigation is in its preliminary stages, focusing on potential espionage activities but stopped short of naming any specific nation involved.
While the German government has not officially blamed Russia for the attacks, suspicions linger. The ongoing probe reflects growing concerns over cyber threats attributed to Russia, especially since the full-scale invasion of Ukraine by Moscow in February 2022.
According to a report from Der Spiegel, citing government sources, approximately 300 Signal accounts linked to political figures were breached during these cyber assaults.
Germany and other European countries have been under increased pressure from cyberattacks and other malign activity linked to Russia by Western officials since Moscow’s full-scale invasion of Ukraine in February 2022.
Around 300 Signal accounts belonging to individuals within the political sphere were compromised in the attacks, German magazine Der Spiegel reported, quoting governmental sources.
There is no official confirmation of the names of the victims.
According to Der Spiegel, the targeted users received messages from a fake Signal security chatbot that informed them of suspicious activity on their accounts and asked them to take immediate action. If the user followed the instructions, including entering a PIN or scanning a QR code, their Signal accounts were linked to an external device controlled by the hackers.
This allowed the attackers to read past chats, follow ongoing conversations and even see address books and other data stored by the users.
In February, Germany’s domestic intelligence service BfV and the federal cybersecurity authority BSI had issued a public warning about such a phishing campaign, saying it was “likely being carried out by a state-controlled cyber actor.” According to the German press agency dpa, German authorities also contacted several politicians personally to warn them such attacks may have happened.
In March, Dutch intelligence and security services also warned that “Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants.”
Targets include Dutch government employees, the Dutch authorities warned at the time, and journalists may also have been targeted.
The Russian embassy in Berlin did not respond to an AP request for comment. Moscow has repeatedly denied it is spying on other countries.
Alexander Graf Lambsdorff, the German ambassador to Russia, was summoned to the Russian Foreign Ministry on Monday morning, dpa reported, regarding alleged contacts between German politicians and terrorist organizations. No connection has been made between the summons and the German media revelations about the Signal phishing attacks.
“I will, of course, comply with the summons. I consider it unlikely that the Russian side will be able to substantiate its accusations,” Lambsdorff said in advance. Relations between the two countries have been tense for years.
———
Ciobanu reported from Warsaw, Poland.
Copyright 2026 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
