Germany Attributes Signal Cyberattack to Russia, Targeting Diplomats and Officials
The German government has formally attributed a large-scale cyberattack on the Signal messaging platform to Russia, revealing that diplomats, politicians, military personnel, and journalists have been compromised since February. According to government sources, the phishing campaign likely orchestrated by Moscow has been contained, though the full extent of the breach remains under investigation.
German federal prosecutors are conducting an espionage probe, with suspicions of Russian involvement long suspected but only now publicly confirmed. The attack employed phishing tactics, tricking victims into divulging credentials or clicking malicious links by impersonating trusted contacts.
Berlin has repeatedly accused Russia of cyber espionage and sabotage, particularly as Germany remains a key military supporter of Ukraine. Konstantin von Notz, a Green Party lawmaker and national security expert, warned that the scale of the breach is "extremely concerning," with concerns that the integrity of parliamentary communications may no longer be secure. He also cautioned that the number of affected individuals could rise as investigations continue.
This incident follows a pattern of Russian cyber operations targeting Western governments, including a 2015 attack on the German Bundestag and Chancellor Angela Merkel’s office. Moscow has consistently denied such allegations.
German Federal Ministry of Defence | Bundesministerium der Verteidigung cybersecurity rating report: https://www.rankiteo.com/company/german-federal-ministry-of-defence-bundesministerium-der-verteidigung
"id": "GER1777134234",
"linkid": "german-federal-ministry-of-defence-bundesministerium-der-verteidigung",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Diplomats, politicians, '
'military personnel, journalists',
'industry': 'Public Sector',
'location': 'Germany',
'name': 'German government',
'size': 'National',
'type': 'Government'}],
'attack_vector': 'Phishing',
'data_breach': {'personally_identifiable_information': 'Likely (affected '
"individuals' "
'identities)',
'sensitivity_of_data': 'High (diplomatic, military, '
'political)',
'type_of_data_compromised': 'Credentials, communications'},
'date_detected': '2024-02',
'description': 'The German government has formally attributed a large-scale '
'cyberattack on the Signal messaging platform to Russia, '
'revealing that diplomats, politicians, military personnel, '
'and journalists have been compromised since February. The '
'phishing campaign likely orchestrated by Moscow has been '
'contained, though the full extent of the breach remains under '
'investigation.',
'impact': {'brand_reputation_impact': 'Concern over national security and '
'trust in communications',
'data_compromised': 'Credentials, communications integrity',
'identity_theft_risk': 'High (for affected individuals)',
'operational_impact': 'Compromised parliamentary communications '
'integrity',
'systems_affected': 'Signal messaging platform'},
'initial_access_broker': {'entry_point': 'Phishing (impersonation of trusted '
'contacts)',
'high_value_targets': 'Diplomats, politicians, '
'military personnel, '
'journalists'},
'investigation_status': 'Ongoing',
'motivation': 'Espionage',
'post_incident_analysis': {'root_causes': 'Phishing, credential harvesting'},
'references': [{'source': 'Government sources, media reports'}],
'regulatory_compliance': {'legal_actions': 'Espionage probe'},
'response': {'containment_measures': 'Campaign contained',
'law_enforcement_notified': 'Yes (German federal prosecutors)'},
'stakeholder_advisories': 'Concerns over parliamentary communications '
'integrity',
'threat_actor': 'Russia',
'title': 'Germany Attributes Signal Cyberattack to Russia, Targeting '
'Diplomats and Officials',
'type': 'Cyber Espionage',
'vulnerability_exploited': 'Credential harvesting via malicious '
'links/impersonation'}