BERLIN — Tensions between Germany and Russia have taken a new turn following revelations that German federal authorities have identified Russia as the suspected perpetrator behind a coordinated phishing campaign that compromised hundreds of Signal accounts belonging to high-profile German figures, including senior government ministers, military personnel, and leading journalists. A German government spokesperson confirmed the official suspicion in statements to reporters, marking a rare public attribution of state-backed cyber malicious activity ahead of a formal legal investigation conclusion.
The German Federal Public Prosecutor General’s office confirmed Saturday that it launched an initial preliminary probe into the cyber intrusions targeting private Signal accounts back in mid-February 2026. A spokesperson for the prosecutor’s office noted that the investigation is centered on initial allegations of espionage, though the office declined to publicly name the suspected state actor at this stage of the inquiry, and the German government has not yet issued a formal formal attribution of the attacks to Russia.
Since Russia launched its full-scale invasion of Ukraine in February 2022, Germany and other European Union member states have faced a sharp rise in state-linked cyberattacks and other disruptive malicious activity attributed to Russia by Western security officials, creating a persistent threat to European political and governmental infrastructure.
According to reporting from German weekly magazine Der Spiegel, which cited unnamed government sources, the campaign compromised roughly 300 Signal accounts held by individuals active in German political circles. No official list of affected individuals or confirmation of victim identities has been released to the public to date.
Der Spiegel detailed the modus operandi of the phishing operation: targeted users received deceptive messages purporting to originate from Signal’s official security chatbot. The messages falsely claimed the user’s account had shown signs of suspicious activity, and urged immediate action to secure the account. Users who followed the embedded instructions — which included entering their account PIN and scanning a fraudulent QR code — unknowingly granted hackers access to link their accounts to an external device controlled by the threat actors.
Once access was obtained, attackers were able to access the full archive of historical chat messages, monitor real-time ongoing conversations, and view stored user data including contact address books linked to the compromised accounts.
As early as February 2026, Germany’s domestic intelligence agency, the Bundesamt für Verfassungsschutz (BfV), and the federal cybersecurity authority, the Bundesamt für Sicherheit in der Informationstechnik (BSI), issued a public warning about this specific style of phishing campaign, stating that the activity was “likely being carried out by a state-controlled cyber actor.” German news agency DPA also confirmed that German security officials personally contacted at-risk politicians to alert them that their accounts may have already been compromised by the operation.
The German findings align with earlier warnings from neighboring European security services. In March 2026, Dutch intelligence and security agencies issued a public alert confirming that Russian state hackers were running a large-scale global phishing campaign targeting Signal and WhatsApp accounts belonging to international dignitaries, military personnel, and civil servants. Dutch authorities noted that domestic government employees were among the confirmed targets, and that journalists were also considered potential victims of the campaign.
The Associated Press requested comment from the Russian embassy in Berlin regarding the allegations, but received no response. The Russian government has repeatedly and consistently denied accusations that it conducts state-sponsored espionage operations against foreign countries and their political leaders.
In a separate development coinciding with the revelations, German Ambassador to Russia Alexander Graf Lambsdorff was summoned to meet with Russia’s Foreign Ministry on Monday morning, in connection with Russian accusations of improper contacts between German politicians and terrorist organizations. DPA reported that there is no established link between the summons and the newly publicized phishing attack revelations.
Speaking ahead of the meeting, Lambsdorff stated, “I will, of course, comply with the summons. I consider it unlikely that the Russian side will be able to substantiate its accusations.” Relations between Germany and Russia have remained consistently strained for years, with tensions escalating dramatically following the 2022 full-scale invasion of Ukraine.
This report was contributed by Ciobanu, reporting from Warsaw, Poland.