German security agencies have issued an urgent warning about a large-scale cyber-espionage campaign targeting senior officials, military personnel, diplomats, and journalists across Europe, as reported by Cyber Security News.
The Federal Office for the Protection of the Constitution and the Federal Office for Information Security reported that the attacks are carried out by hackers linked to state structures. The perpetrators use sophisticated social engineering techniques to take over Signal messenger accounts, aiming to monitor private conversations and intercept confidential political and military communications. Unlike typical attacks, these use no malware, so most antivirus programs have nothing to detect.
The first method relies on impersonating support services. Hackers create fake security chatbot accounts and contact the victim, claiming suspicious activity or a data leak. To “resolve” the issue, they ask the user to provide a six-digit PIN code. Once the victim shares the code, the attackers register the phone number on their device, completely locking out the legitimate owner and gaining the ability to send messages in their name.
The second attack method is more covert and allows spying on the user for several weeks without blocking their access. Hackers, under a plausible pretext—such as inviting the victim to join a group—ask them to scan a QR code. In reality, the code is a request to link a new device. If the user scans it, the hacker’s computer or tablet connects to their account. After that, the attacker can quietly read all new messages and access chat history from the past month and a half.
Authorities emphasize that the goal of these attacks is intelligence gathering and mapping the social networks of influential individuals, not financial gain. Since the campaigns exploit legitimate messenger functions, security experts strongly advise all users in at-risk areas to immediately check the list of connected devices in their app settings. Law enforcement also reminds everyone never to share verification PIN codes with anyone, even if they claim to be support staff.
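The QR-code method works because a device-linking request and a group invitation look identical as images but decode to different URIs. The Python below is an added example, not code from the agencies or from Signal: it classifies already-decoded QR text and flags a linking request presented under another pretext. The URI forms it checks (`sgnl://linkdevice?uuid=…&pub_key=…`, the older `tsdevice:/?…`, and `https://signal.group/#…`), the function names and the sample payloads are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed URI forms (not taken from the article): device-linking QR codes carry
# sgnl://linkdevice?uuid=...&pub_key=... (older clients: tsdevice:/?...),
# while group invitations are https://signal.group/#... links.
LINK_PARAMS = {"uuid", "pub_key"}


def classify_qr_payload(payload: str) -> str:
    """Classify decoded QR text as 'device-link', 'group-invite' or 'other'."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unbalanced '[' in the host
        return "other"
    scheme = parts.scheme.lower()
    params = set(parse_qs(parts.query))
    is_link_uri = (scheme == "sgnl" and host == "linkdevice") or scheme == "tsdevice"
    if is_link_uri and LINK_PARAMS <= params:
        return "device-link"
    if scheme == "https" and host == "signal.group" and parts.fragment:
        return "group-invite"
    return "other"


def triage(claimed_purpose: str, payload: str) -> str:
    """Compare what the sender said the code is for with what it really does."""
    kind = classify_qr_payload(payload)
    if kind == "device-link":
        # Linking is only expected when the user starts it on their own device.
        return f"ALERT: presented as '{claimed_purpose}' but links a new device"
    if kind == "group-invite":
        return "ok: group invitation"
    return "review: not a recognised Signal link"


# Constructed sample payloads; the identifiers are placeholders, not real keys.
SAMPLES = [
    ("join our group", "sgnl://linkdevice?uuid=EXAMPLE-UUID&pub_key=EXAMPLEKEY"),
    ("join our group", "https://signal.group/#EXAMPLEGROUPTOKEN"),
    ("join our group", "tsdevice:/?uuid=EXAMPLE-UUID&pub_key=EXAMPLEKEY"),
    ("security check", "https://example.invalid/verify"),
]

if __name__ == "__main__":
    for claimed, payload in SAMPLES:
        print(triage(claimed, payload))
```

A help desk or mail gateway that already decodes QR images can run reported codes through a check like this before telling the user whether the code was safe to scan.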