Thought Leadership
Phishing attack on Signal: Who is behind the attacks on politicians and journalists? The trail leads to Russia, but officially the German federal government remains reserved.
The German federal government assumes that Russia is behind the ongoing spying campaign against politicians, military personnel and journalists. According to government sources, the phishing campaign via the messenger service Signal was presumably steered from Russia.
In the Bundestag presidium, meanwhile, consideration is being given to switching to the messenger service Wire in the future. Bundestag Vice President Andrea Lindholz spoke out in favor of making this app available not only to the Bundestag administration but also to all members of parliament. “We find ourselves in a threat situation in which we should give preference to a European provider, for reasons of sovereignty alone,” the CSU politician told the Süddeutsche Zeitung. On 5 May, the topic will be on the agenda of the Commission for Information Technologies and Digitalization (IuD), a body of the Council of Elders of the Bundestag.
Other states also affected
The fact that the German federal government has so far not officially attributed the phishing attack, which also affects individual members of the German federal government, to Russia may be connected to the fact that intelligence findings from allied services are also touched upon here.
The government of the Netherlands, where corresponding attacks had also been detected, had already declared that it sees Russia behind the campaign. According to the FBI’s assessment as well, the attackers are connected to Russian intelligence services. The Federal Public Prosecutor’s Office, which is investigating the suspected espionage in Germany, has so far not commented on a possible mastermind.
Two clear warnings from security authorities
The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) had first issued public warnings about the ongoing cyberattack in February. Later they published a further security advisory with concrete instructions for action.
It stated that the campaign was “probably being carried out by a state controlled cyber actor.” The security authorities also approached numerous politicians personally in order to warn them or to help them find out whether attackers had successfully gained access to their account.
dpa
