Germany’s domestic intelligence agencies warn that suspected state-sponsored actors are conducting phishing attacks via messaging apps like Signal to target politicians, military officers, diplomats, and investigative journalists across Germany and Europe. The attackers exploit legitimate features—tricking victims into sharing PINs or scanning QR codes to pair attacker-controlled devices or perform full account takeovers, prompting an advisory from the BfV and BSI. #Signal #WhatsApp #Sandworm #GhostPairing #BfV #BSI #CERT-UA
Keypoints
- Attackers impersonate support staff or chatbots to socially engineer targets without using malware.
- There are two variants: full account takeover via PIN/SMS codes and device pairing via QR codes to monitor chats.
- Signal’s linked-device feature is being abused, and WhatsApp has similar functionality that could be exploited.
- The advisory from BfV and BSI is intelligence-based and urges users to block and report fake support accounts.
- Users should enable Signal’s Registration Lock and regularly review linked devices to remove any unknown entries.