Germany’s Federal Office for the Protection of the Constitution and Federal Office for Information Security warned that state-linked actors are targeting high-profile accounts on Signal, the encrypted messaging service. The findings come from a joint report by the two German security authorities on threats against political figures, journalists, activists, and other public-facing individuals.
The agencies said attackers are attempting to gain access to accounts by manipulating authentication processes rather than breaking Signal’s encryption. Reported methods include phishing messages, social engineering, and attempts to trick users into sharing registration or verification codes linked to their accounts.
According to the German authorities, some attacks involve fake messages or calls that appear to come from trusted contacts or service providers. These messages ask targets to provide time-sensitive codes or to follow login instructions. If a code is shared, attackers can register the victim’s phone number on another device and take control of the account.
The report states that these campaigns focus on individuals whose communications may hold political or informational value. Targets include people involved in government, media, civil society, and international affairs. The agencies did not publicly name specific victims.
Signal uses end-to-end encryption so that messages can be read only by the sender and recipient. The German authorities said the observed attacks do not break this encryption but instead exploit user trust and account recovery features. In this model, the weakest point is the handling of authentication credentials.
The Federal Office for Information Security advised users to treat verification codes as confidential and not share them with anyone. It also recommended enabling additional device security, such as screen locks, and keeping software up to date. The Federal Office for the Protection of the Constitution said awareness of social engineering tactics is important for people in sensitive roles.
The agencies described the activity as part of broader cyber and intelligence efforts by foreign state actors. They said such operations often combine technical and psychological methods to gain access to communications.
No weaknesses in Signal’s core encryption were reported in connection with these incidents. The warning focuses on account-level compromise through deception rather than flaws in the messaging protocol.