Signal phishing warning: Trigger likely attack on Julia Klöckner
Julia Klöckner has apparently fallen victim to the Signal phishing attacks, which BfV and BSI warned about again on Wednesday.
(Image: Primakov/Shutterstock.com)
On Wednesday of this week, the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) updated and reaffirmed their warning from February about phishing attacks on the Signal messenger targeting high-ranking individuals such as politicians, military personnel, and diplomats, as well as investigative journalists. According to a media report, the second highest-ranking woman in the state, Bundestag President Julia Klöckner, has become the victim of such an espionage attack.
According to Spiegel, several sources have confirmed this. The renewed warning from the security authorities is apparently also due to this. Klöckner not only holds the second highest office in Germany but is also part of the CDU presidium, which also uses Signal chat groups, where Chancellor Friedrich Merz is also a participant. According to the report, Merz was personally informed of the incident by the Federal Office for the Protection of the Constitution. However, unlike Klöckner's, the investigation of the Chancellor's mobile phone revealed no anomalies.
In total, at least 300 affected individuals are now known in Germany. The Federal Office for the Protection of the Constitution had warned the parliamentary group leaders of the parties in the Bundestag and the party headquarters about the ongoing messenger phishing campaign in a 20-page letter on Tuesday, prior to the publicly updated warning.
Phishing scam “Signal Support”
The phishing campaign's scam is based on attackers posing as Signal support, for example, to potential victims and demanding the entry of login credentials. With these, they can take over the accounts – either by adding further devices and secretly reading conversations or by completely hijacking the account and locking out the owners. In the latter case, malicious actors may be able to find further victims or impersonate the victim and communicate with their contacts. The attackers' location points towards Russia; they are presumably Russian state actors.
Videos by heise
BfV and BSI have jointly published a guide intended to help potential victims quickly determine if they have been successfully attacked. In it, the authorities also provide recommendations for action. The guide appears to have been hastily put together and contains illogical tips for one case. If the account has been taken over and owners locked out, they are advised to update the PIN for access, but this cannot work. Contacting the real Signal support is the correct reaction, which is also mentioned as a further step.
(dmk)
