Signal phishing attack compromises Julia Klöckner’s Signal account, sparking security alarm
German Bundestag president Julia Klöckner reportedly had her Signal account compromised in a Signal phishing attack that exposed political group chats and prompted a security response.
Klöckner’s Signal Account Compromised in Reported Phishing Incident
Bundestag President Julia Klöckner is reported to have been the victim of a Signal phishing attack that allowed intruders to access her account. The development was disclosed by Der Spiegel based on multiple anonymous sources and has prompted immediate concern within parliamentary circles.
The report says the compromise was not limited to an individual account but touched group communications used by senior CDU officials. Officials have not publicly confirmed technical details and investigations are said to be ongoing.
CDU Leadership Notified Including Chancellor Merz
According to the reporting, members of the CDU presidium communicate in a Signal group that includes Chancellor Friedrich Merz. The chancellor has been briefed about the incident and his team has reportedly reviewed his device as a precaution.
A magazine source indicated that an inspection of Merz’s phone produced no obvious signs of compromise. CDU officials have been tightlipped while security teams assess potential exposure across party communications.
Verfassungsschutz Flags Likely State-Sponsored Campaign
Germany’s domestic security agency, the Bundesamt für Verfassungsschutz, recently issued warnings about targeted phishing campaigns against Signal users. The agency described the actor behind the campaign as a likely state-directed operator using messenger platforms to phish high-value targets.
Security authorities have emphasized that the attacks focus on senior politicians, military personnel, diplomats, and investigative journalists. Intelligence assessments cited in reporting point to an origin in Russia, though formal attribution remains cautious.
Parliamentary Signal Groups May Be Read Nearly Unnoticed
Internal warnings circulated within security circles suggest that multiple parliamentary Signal groups could be being read by attackers without immediate detection. The Verfassungsschutz warned that ongoing intrusions may have allowed extensive access to internal discussions.
Sources close to the investigation told reporters that the number of known victims in Germany has risen to several hundred. Officials caution that a significant dark figure is likely because sophisticated phishing operations can remain covert for long periods.
Official Responses and Investigation Status
The Bundestag administration declined to confirm or deny specifics about the incident, saying they do not disclose details about security-critical infrastructure. A spokesman stressed standard policy of limited public comment while operational measures continue.
Security teams from state and federal agencies are reported to be coordinating with parliamentary IT units to map exposure and contain any further unauthorized access. Investigators are assessing whether the breach originated from credential theft, social engineering, or exploitation of account recovery flows.
Guidance for Officials and Newsroom Sources
Authorities are advising users who handle sensitive information to exercise heightened caution with unsolicited links and verification requests. Recommended measures include updating messenger apps, enabling additional registration protections, and confirming contacts through secondary channels.
Journalists and officials are being urged to review group memberships, rotate access where possible, and report suspicious activity to designated cyber response teams. Security advisers say simple operational hygiene can limit the damage of targeted phishing campaigns.
The reported compromise of a senior parliamentary account has underscored the vulnerability of encrypted messaging platforms when they are targeted through social engineering and account takeover techniques.
Security services continue to investigate the scope of the intrusions and to notify affected institutions. The event has prompted renewed discussions in Berlin about digital operational security for political communication and the need for clearer guidance on secure messaging practices.
