The Federal Prosecutor’s Office is investigating suspected espionage in connection with a phishing campaign against, among others, German politicians via the Signal messenger service. This was confirmed by a spokeswoman at the request of the German Press Agency. Accordingly, the highest German law enforcement authority took over the investigation in mid-February. The “Spiegel” first reported.
Read more after the ad
“State-controlled cyber actor”
The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) had already publicly warned of the ongoing cyber attack via Signal in February. Last week they published another safety notice with specific instructions. It had previously emerged that a number of journalists, as well as military personnel and politicians, were affected in Germany. The note said the campaign was “likely being conducted by a state-controlled cyber actor.” Current findings show that the campaign remains active and is gaining momentum. According to information from Spiegel, members of virtually all parliamentary groups in the Bundestag are said to be affected by the phishing attacks. NATO members were also the target of the large-scale campaign.
“Campaign still active”
When asked at the federal press conference yesterday, Friday, a spokeswoman for the Federal Ministry of the Interior confirmed again that the attacks were “probably carried out by a state-controlled cyber actor”. Recent findings also showed that the “campaign remains active and gaining momentum.”
How do the attackers proceed?
In order to gain access to the address books and data of certain users, the attackers first send a message asking the user to enter a PIN or navigate to links, including via a QR code. This then enables the actors, among other things, to move around in internal chat groups under a false identity. According to previous publications, this is not a compromise of Signal itself, but rather a careless handling of the service’s security functions.
Read more after the ad
Similar attacks via Signal have also been detected in Great Britain and the Netherlands since last winter. The government of the Netherlands sees Russia behind the campaign. The Federal Prosecutor’s Office initially did not comment on a possible client.
(NO)
