Spying on Signal Messenger: Government Officials Affected

German prosecutors have launched a spying investigation into phishing attacks targeting lawmakers on the Signal messaging app, with evidence pointing to Russian involvement in a campaign aimed at compromising government communications.

The investigation, initiated on Friday, April 25, 2026, follows a wave of attacks directed at members of parliament from multiple parties, including the speaker of Parliament and a senior member of Chancellor Friedrich Merz’s CDU party. Civil servants, diplomats, and journalists were also reportedly targeted in the operation.

According to the German Federal Prosecutor’s Office, the probe was launched “based on an initial suspicion of espionage.” While no specific country was named in the official statement, investigators and lawmakers quickly linked the campaign to Russia, citing its alignment with broader patterns of cyber aggression since the 2022 invasion of Ukraine.

Marc Heinrichmann, a CDU lawmaker who oversees the country’s intelligence services, described the phishing attempt as a “wake-up call” for German officials. He emphasized that seemingly harmless messages could mask targeted espionage efforts by foreign powers, urging heightened vigilance across government and media sectors.

The attacks operate by sending deceptive messages that appear to come from Signal support, tricking victims into revealing sensitive account information. Once compromised, hackers can access photos, files, and chat histories shared on the app, and potentially impersonate the affected user to manipulate contacts or gain further access to secure networks.

German officials confirmed that the phishing campaign had been halted, though they did not disclose the number of individuals affected. The country remains a leading provider of military aid to Ukraine, a factor that has correlated with increased cyber and espionage activity from Russian-linked actors since 2022.

Many German officials have shifted to Signal in recent years due to privacy concerns surrounding WhatsApp’s data-sharing practices with its parent company, Meta. While Signal offers strong end-to-end encryption, its use by government workers has raised ongoing concerns about compliance with public transparency laws, as messages on such platforms often evade standard archiving and freedom of information requests.

The incident underscores the ongoing tension between secure communication tools and governmental accountability, particularly as encrypted apps become more prevalent among public officials handling sensitive information. German authorities continue to monitor for similar threats while reinforcing cybersecurity protocols across federal and state institutions.