Germany\u2019s top security agencies issued an urgent warning yesterday regarding a sophisticated cyber espionage<\/a> campaign targeting high-ranking officials and journalists across Europe. <\/p>\n The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) revealed that state-sponsored hackers are hijacking Signal accounts to spy on private communications.\u200b<\/p>\n The joint advisory, released <\/a>February 6, identifies the primary targets as military personnel, diplomats, politicians, and investigative journalists. <\/p>\n Unlike traditional hacks that use malware or exploit software bugs, this campaign relies entirely on \u201csocial engineering\u201d, tricking victims into using legitimate features against themselves.\u200b<\/p>\n The first attack method involves hackers posing as \u201cSignal Support\u201d or a \u201cSignal Security ChatBot.\u201d <\/p>\n They contact targets directly within the app, claiming suspicious activity or a data leak <\/a>has occurred on the victim\u2019s device. <\/p>\n To \u201cfix\u201d the problem, the fake support bot asks the user to verify their identity by sending a PIN code.\u200b<\/p>\n If a victim shares this six-digit code, the hackers immediately register the victim\u2019s phone number on a new device they control. <\/p>\n This locks the legitimate user out of their own account while giving the attackers complete control to impersonate the victim in future chats.\u200b<\/p>\n The second method is more subtle and allows hackers to spy on chats without locking the user out. <\/p>\n Attackers use a plausible pretext, such as a request to join a group or verify a device, to trick the victim into scanning a QR code.\u200b<\/p>\n Technically, this QR code<\/a> is a \u201cdevice linking\u201d request. When a victim scans it, they inadvertently authorize the hacker\u2019s tablet or computer to link to their account. <\/p>\n Once connected, the attacker can silently read all new messages and view chat history from the past 45 days. <\/p>\n This access often persists for weeks because the victim\u2019s phone usually continues to work, masking the intrusion.\u200b<\/p>\n Authorities believe a \u201cstate-controlled cyber actor\u201d is behind the campaign, given the specific focus on high-value intelligence targets rather than financial theft. <\/p>\n The goal appears to be espionage, involving the mapping of social networks <\/a>and the interception of sensitive political and military discussions.\u200b<\/p>\n Because the attacks use valid Signal features rather than viruses, they bypass most antivirus software. <\/p>\n Security officials urge all users to check their \u201cLinked Devices\u201d list in Signal settings immediately and never to share verification PINs with anyone, even accounts claiming to be support staff.\u200b<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Hackers Linked to State Actors Target Signal Messages of Military Officials and Journalists<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nThe \u201cFake Support\u201d Trap<\/strong><\/h2>\n
![\"Fake](\"https:\/\/i0.wp.com\/cybersecuritynews.com\/wp-content\/uploads\/2026\/02\/image-9.png?resize=280%2C201&ssl=1\")
The Silent QR Code Spy<\/strong><\/h2>\n