WhatsApp’s linked-device feature presents similar vulnerabilities, with techniques seen in campaigns by state-aligned groups and in criminal campaigns like GhostPairing.

Victims often do not realize their communications are being monitored, highlighting the stealthy nature of the phishing methods.

Official guidance and notices are available on Verfassungsschutz and BSI websites, outlining incidents and recommended steps for affected users.

There is no named perpetrator, but indicators point to a potentially state-sponsored operation targeting high-profile European figures.

The phishing campaign targets Signal users and has been issued as a warning by Germany’s Verfassungsschutz and the Federal Office for Information Security (BSI).

Security agencies suspect possible state involvement, with victims including politicians, military personnel, and journalists across Europe.

Signal users are urged to stay vigilant, as attackers may exploit legitimate features rather than software flaws, and they should not rely on notifications from unknown support contacts.

Users should be cautious about security codes or verification messages and verify requests independently, since legitimate security tools are being misused by attackers.

Germany’s security authorities warn of a likely state-backed hacking group conducting phishing attacks against senior political figures, military officials, diplomats, and investigative journalists in Germany and Europe via the Signal app.

Breaches can grant attackers access to contact lists, current and past chats, and potentially up to 45 days of chat history, as well as monitoring future communications.

Once inside, attackers can read private chats, access group conversations, and obtain contacts, enabling broader intelligence gathering and potential criminal activity.

The campaign is currently active and security-relevant, with risks of account compromise and, in a second variant, reading and impersonating messages to reach additional victims.