
Signal
Compromised Signal accounts expose sensitive diplomatic and security communications, threatening national security and press freedom. The attacks illustrate how encrypted messaging platforms can become vectors for sophisticated espionage.
The emergence of state‑sponsored phishing campaigns on encrypted messaging apps marks a new frontier in cyber‑espionage. While Signal touts end‑to‑end encryption, attackers bypass these safeguards by exploiting human factors—posing as official support or leveraging QR codes to hijack accounts. This shift reflects a broader trend where adversaries target the communication layer itself, recognizing that access to real‑time conversations yields richer intelligence than traditional network infiltration. Consequently, organizations must reassess threat models to include social engineering vectors within secure messaging ecosystems.
Technical analysis of the two reported variants reveals distinct operational goals. The first variant coerces victims into revealing their security PIN or one‑time verification code, enabling attackers to register the account on a device they control and instantly lock out the legitimate user. The second variant subtly adds an attacker‑controlled device via a malicious QR code, granting persistent, covert access to messages and group chats without immediate detection. Both approaches facilitate reconstruction of professional networks, allowing adversaries to map relationships, identify additional high‑value targets, and potentially conduct follow‑on attacks or disinformation campaigns by impersonating compromised users.
German authorities’ mitigation guidance underscores the importance of layered defenses. Users should never share PINs, should verify the authenticity of support communications, and should regularly audit linked devices within the app. Enabling registration locks and scrutinizing QR code usage further reduces exposure. Beyond individual precautions, enterprises and government bodies must integrate secure messaging policies, conduct regular awareness training, and monitor for anomalous account activity. As attackers broaden their focus to platforms like WhatsApp, comprehensive, user‑centric security strategies become essential to safeguarding sensitive diplomatic and journalistic communications.
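One way to act on the "scrutinize QR codes" advice is to classify a decoded QR payload before anyone scans it with Signal. The sketch below is an added example, not code from the article or from Signal. It assumes that device-link codes use the `sgnl://linkdevice` URI form (or the older `tsdevice:` form) and that group invites use `https://signal.group/`; the function names and sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption (not stated in the article): Signal device-link QR codes carry
# sgnl://linkdevice?... or the legacy tsdevice:/?... URI; group invites are
# https://signal.group/#... links.

def classify_qr_payload(payload: str, depth: int = 0) -> str:
    """Return 'device-link', 'group-invite' or 'other' for a decoded QR string."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme == "sgnl" and parts.netloc.lower() == "linkdevice":
        return "device-link"
    if scheme == "tsdevice":
        return "device-link"
    if scheme == "https" and parts.hostname == "signal.group":
        return "group-invite"
    # A web page URL can carry a percent-encoded link URI in a query
    # parameter or fragment, so inspect those too (bounded recursion).
    if depth < 2 and scheme in ("http", "https"):
        candidates = [v for vals in parse_qs(parts.query).values() for v in vals]
        candidates.append(unquote(parts.fragment))
        for value in candidates:
            if value and classify_qr_payload(value, depth + 1) == "device-link":
                return "device-link"
    return "other"

def should_warn(payload: str, user_is_linking_own_device: bool) -> bool:
    """Warn when a QR code would link a device and the user did not start
    that linking flow themselves (the second variant described above)."""
    return (classify_qr_payload(payload) == "device-link"
            and not user_is_linking_own_device)

# Constructed sample payloads (placeholder values, not real identifiers).
SAMPLES = {
    "direct": "sgnl://linkdevice?uuid=AAAA&pub_key=BBBB",
    "legacy": "tsdevice:/?uuid=AAAA&pub_key=BBBB",
    "wrapped": "https://example.invalid/join?next=sgnl%3A%2F%2Flinkdevice"
               "%3Fuuid%3DAAAA%26pub_key%3DBBBB",
    "group": "https://signal.group/#PLACEHOLDER",
    "web": "https://example.invalid/agenda.pdf",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:8} {classify_qr_payload(payload):13} "
              f"warn={should_warn(payload, user_is_linking_own_device=False)}")
```

A "device-link" result for a code received in a message, e-mail or document is the signal to stop and check the linked-devices list in the app.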