politico.eu
April 1, 2026 8:54 pm CET
By Zoya Sheftalovich, Sam Clark and Sebastian Starcevic
European Commission department chiefs and their deputies were told to stop gabbing on the encrypted app following a series of cyberattacks on the EU’s internal communications.
BRUSSELS — The European Commission has told some of its most senior officials to shut down a Signal group they were using to exchange information over fears it was a hacking target.
Department chiefs and deputy chiefs were members of the group chat on the encrypted messaging app, according to three Commission officials with knowledge of the issue. The embargo comes as the EU grapples with a series of spying allegations, with the Commission saying last week it was investigating a cyberattack on its websites.
“Cyber operations” are “increasing in quality and quantity” including from both data-hungry criminals and foreign governments, said Sven Herpig, a cybersecurity and emerging threats researcher at German think tank Interface. “Politicians and political parties have always been targeted” by spies and snoops, he added.
The Commission became aware of the group chat last month and asked its members to delete it fearing they could be targeted by hackers, two of the officials said. There is no evidence any member of the group was intercepted, and the order to stop using the chat was issued due to increasing security concerns about messaging apps in the institution, one of the officials said. Last month, a private telephone conversation between a POLITICO reporter and an EU official was intercepted and published online.
Two other Commission officials and one of the officials mentioned above, all of whom were granted anonymity to speak freely about sensitive matters, confirmed that members of commissioners' cabinets and other senior bureaucrats had received messages asking them to enter their Signal PIN codes, which were identified as phishing attempts.
“Signal is pretty secure, but if an attacker owns your phone, they might have access to your chats, including your pictures and everything else you have on your phone,” Herpig said. “If you want to communicate as a politician, as a parliamentarian … you don’t have any better options."
Users of the messaging app WhatsApp have also been targeted, although attempted hacks have lately been more common in Signal, two of the officials said.
The Commission's official guidance for its employees suggests they should avoid WhatsApp and instead use Signal, which cybersecurity experts regard as more secure.
A Commission spokesperson said: "We do not comment on internal security practices. We take cybersecurity risks very seriously and have clear internal guidelines for our staff."
The institution is taking the recent spate of attacks seriously, holding comprehensive cybersecurity assessments and regularly replacing officials' phones and devices, two Commission officials said.
The Commission is investigating a cyberattack on its websites, with early findings suggesting some data was stolen, the institution said Friday. In January the Commission said it had found evidence of a cyberattack on the technical infrastructure it uses to manage its mobile devices, which “may have resulted” in hackers gaining access to staff names and mobile numbers.
Hacking and Signal vulnerability is an issue not just for the Commission. Intelligence services in the Netherlands warned last month of a “large-scale global cyber campaign,” in which hackers from the Kremlin posed as a fake Signal support chatbot to trick officials into revealing their app PIN codes. French, German, Portuguese and British security services issued similar alerts.
“The best option you have right now is Signal, Threema, and after that, to a certain degree, WhatsApp,” said Herpig of Interface. Threema is a Swiss-developed encrypted messaging app.
Signal and WhatsApp lack features required for government comms, said Matthew Hodgson, chief executive of Element, a company that built tech used by multiple European governments for secure messaging apps. "You can't kick somebody out of a WhatsApp group if they get fired from the government. You have no single sign-on, no authentication access control … you have a single point of failure."
The use of Signal by government officials drew a spotlight last year after the editor-in-chief of U.S. magazine The Atlantic was accidentally added to a Signal group chat containing some of the most senior members of the U.S. government, including Vice President JD Vance, in which they discussed detailed military plans — in a breach of security dubbed Signalgate. The episode highlighted the extent to which commercial messaging apps have become embedded in government operations.
politico.eu – POLITICO
March 25, 2026 1:48 am CET
By Zoya Sheftalovich
“Our internal reviews have found no evidence that any devices, networks or systems have been compromised,” POLITICO says in email to staff.
BRUSSELS ― POLITICO launched a security review after a private telephone conversation between one of its reporters and an EU official about issues connected to Hungary and Ukraine was apparently intercepted and the recording published online.
The nine-minute audio clip, from a call that took place on March 3, was uploaded to YouTube on March 16. It has been listened to 5,100 times, according to YouTube data.
“Our internal reviews have found no evidence that any devices, networks or systems have been compromised,” Kate Day, POLITICO’s senior executive editor in Europe, and Carrie Budoff Brown, POLITICO’s executive editor and executive vice president, said in an email to employees on Wednesday.
“We will not be intimidated by an apparent attempt to interfere with independent reporting — nor deterred from the important work we do,” they wrote. “We have always been and will remain vigilant in protecting our sources, supporting the work of our journalists, and maintaining the accuracy of our independent, nonpartisan reporting.”
The issue comes at a time when leaks of confidential EU information are in the spotlight ahead of the Hungarian general election on April 12. In a report on Saturday, the Washington Post said that Viktor Orbán’s government maintained close contacts with Moscow throughout the war in Ukraine, and Hungarian Foreign Minister Péter Szijjártó used breaks during meetings with other member countries to update his Russian counterpart.
A spokesperson for the EU institution where the official works declined to comment on “tapes produced by unknown and anonymous actors.” POLITICO is not identifying the EU official because the call wasn’t on the record.
POLITICO has not been able to determine how the recording may have been obtained and who was responsible for posting it to YouTube.
‘Chilling message’
Several Slovak and Hungarian news websites wrote articles about the recording and published partial transcripts.
“Hacking and the disclosure of journalists’ materials strike at the heart of press freedom and the protections we must be able to rely on as reporters,” said President of the International Press Association in Brussels Dafydd ab Iago. “This is illegal under Belgian law, and it sends a chilling message not only to journalists in Brussels but also to our sources here … The harder question is how to pursue those state actors, whether operating from within the EU or from a third country like Russia.”
On Monday, the Orbán-aligned Hungarian newspaper Mandiner — one of the first outlets that wrote about the conversation — published a separate exchange between independent Hungarian journalist Szabolcs Panyi and a contact. The material was received via a “mysterious email” from an individual identifying himself as “the fourth branch of power,” according to the article’s author.
“We have important stories to tell and work to do and remain focused on maintaining the rigor, independence and purpose that our audience expects from us,” Day and Budoff Brown said in their email.
newsukraine.rbc.ua - Cyber specialists from Ukraine's Defense Intelligence (HUR) have carried out a large-scale special operation targeting the occupation authorities in Crimea.
According to a Ukrainian intelligence source speaking to RBC-Ukraine, the operation lasted several days.
A powerful DDoS attack effectively paralyzed the information systems and network infrastructure in Crimea.
While the Russian occupiers were scrambling to identify the cause of the government systems' failure, HUR cyber experts infiltrated the electronic accounts of the leadership of the occupation administration in temporarily occupied Crimea. They gained access to the following digital resources:
ATO’s 76th summit, which will be held June 24-25, 2025, in The Hague, Netherlands, comes at a time as the alliance’s member countries grapple with a rapidly changing global security dynamic. Russia continues to press on with its war campaign in Ukraine despite efforts to achieve a cease fire. Deep questions remain over the U.S. military commitment to Ukraine and if the U.S. would assist Europe if a conflict surfaced as required under Article 5 of NATO’s founding treaty. Israel undertook bombing strikes against Iran on the pretence that Iran was edging close to building viable nuclear weapons, which was followed by U.S. airstrikes. Since the previous summit, the leaders of European NATO countries have shown a dramatic change in rhetoric regarding the need to take on greater responsibility for security on the European continent, particularly as it pertains to increases in defense spending and military assistance to Ukraine. With an anticipated ambitious agenda, evidence of a clear rift in transatlantic relations and the alliance’s global super power distracted with other priorities, the summit could be hampered by disruption and division. This environment is ripe for cyber threats, prompting NATO member states to be on the look out for activity that could impact critical infrastructure entities. These threats could come from ideological and politically motivated attackers, who may seek to draw attention through distributed denial-of-service (DDoS) attacks, data leaks and website defacements affecting NATO nations. This blog, which draws on Intel 471’s Cyber Geopolitical Intelligence, will outline the issues at hand at the summit, the challenges facing NATO and look at the possible cyber threats.
Le conseiller fédéral Albert Rösti signera aujourd’hui à Strasbourg la Convention-cadre du Conseil de l’Europe sur l’intelligence artificielle. Par cet acte, la Suisse rejoint les États signataires d’un premier instrument juridiquement contraignant au niveau international visant à encadrer le développement et l’utilisation de l’IA dans le respect des droits fondamentaux
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a […]
Amnesty said it found NoviSpy, an Android spyware linked to Serbian intelligence, on the phones of several members of Serbian civil society following police stops.
Officials from EU anti-fraud office were allegedly followed, wiretapped and had their laptops hacked by Hungary’s intelligence agency.
“As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national security and intelligence community, the Government of Canada has ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s operations in Canada through the establishment of TikTok Technology Canada, Inc. The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners.
Italian probe reveals “gigantic and alarming market of confidential data,” prosecutors say.
Private Cloud Compute is a cloud intelligence system that Apple designed for private artificial intelligence processing, and it's what Apple is...
Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.
Devices are kept in vault during weekly gatherings, prime minister said.
Leaked internal documents have exposed the activities of a Russian state-backed legal defence foundation that European intelligence agencies and analysts say is in fact a Kremlin influence operation active in 48 countries across Europe and around the world.
Internal documents from the Fund for Support and Protection of the Rights of Compatriots Living Abroad (Pravfond) indicate that the foundation finances propaganda websites targeted at Europeans, helped pay for the legal defence of the convicted arms trafficker Viktor Bout and the assassin Vadim Krasikov, and has employed a number of former intelligence officers as the directors of its operations in European countries.
Intelligence officials suspect Wirecard COO Jan Marsalek of colluding with the far-right Freedom Party on Moscow’s behalf.
Hackers linked to Beijing’s security services targeted European politicians to gather sensitive data.
For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?
The European Union agreed on terms of the AI Act, a major new set of rules that will govern the building and use of AI and have major implications for Google, OpenAI, and others racing to develop AI systems.
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has improved their detection evasion capabilities since 2022 while remaining focused on email credential theft against targets.
En Suisse aussi, l’intelligence artificielle (IA) investit de plus en plus la vie économique et sociale de la population. Dans ce contexte, le PFPDT rappelle que la loi sur la protection des données en vigueur depuis le 1er septembre 2023 est directement applicable aux traitements de données basés sur l’IA.
