An international phishing campaign aimed at users of the messaging service Signal has reportedly reached influential figures within the federal cabinet. According to “Spiegel”, both Education Minister Karin Prien of the CDU and Building Minister Verena Hubertz of the SPD are alleged to have had their Signal accounts compromised.
This development escalates the scope of the detected threat. Previously, “Spiegel” had revealed that Bundestag President Julia Klöckner was also affected by the campaign. The politician, who holds the second-highest state office and is a member of the CDU leadership committee, had reportedly used the Signal group chat for internal government communication, which included Federal Chancellor Friedrich Merz.
The appearance of ministers makes this the first time that cabinet members have been publicly reported as potential victims.
When approached for comment, a spokesperson for Prien stated that the ministry cannot provide information regarding the government’s communication methods. Similarly, a spokesperson for Hubertz emphasized that the ministry operates under clear principles regarding the integrity and security of internal and external communication, stressing a policy of generally not commenting on potential or actual security incidents.
Federal Prosecutor General Jens Rommel has been investigating the long-running international phishing campaign targeting Signal users since February.
The status of the Chancellor’s potential involvement remains unclear. Addressing the matter, Deputy Government Spokesperson Sebastian Hille told the “dts” news agency that the government cannot release information concerning the types of communication methods used within the federal government. However, he assured the public that communications conducted by the federal government, the Chancellor, and federal ministers are carried out on secure channels.
Current intelligence from the Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution (BfV) indicates that an attack is being launched by a “likely state-controlled cyber actor”. This actor is conducting phishing attacks through messaging services, particularly Signal. The high-profile targets focused on include political, military, and diplomatic leaders, as well as investigative journalists throughout Germany.
