State-Sponsored Phishing Campaign Targets Signal Users

Severity: Critical (Score: 80.0)

Sources: www.verfassungsschutz.de, www.bsi.bund.de

Summary

On April 22, 2026, the BSI and BfV reported an active phishing campaign targeting high-profile individuals in Germany via the Signal messaging app. The campaign, attributed to a likely state-sponsored actor, focuses on political, military, and diplomatic figures, as well as investigative journalists. Users are advised to take immediate action if they suspect their accounts have been compromised, including changing their PINs and enabling two-factor authentication. The phishing attempts exploit vulnerabilities in messaging services, allowing unauthorized access to private communications and potentially compromising entire chat groups. A joint interactive guide has been published to assist victims in assessing and mitigating risks. The campaign has reportedly gained momentum, indicating an ongoing threat to targeted individuals. Key Points: • State-sponsored actors are conducting phishing attacks via Signal targeting high-profile individuals. • Immediate actions are recommended for users to secure their accounts against potential compromises. • A joint guide from BSI and BfV provides steps for victims to assess and mitigate risks.

Key Entities

• Phishing (attack_type)
• Deutschland (country)
• T1566.003 - Spearphishing Via Service (mitre_attack)
• T1566 - Phishing (mitre_attack)
• Signal (company)