politico.eu
April 1, 2026 8:54 pm CET
By Zoya Sheftalovich, Sam Clark and Sebastian Starcevic
European Commission department chiefs and their deputies were told to stop gabbing on the encrypted app following a series of cyberattacks on the EU’s internal communications.
BRUSSELS — The European Commission has told some of its most senior officials to shut down a Signal group they were using to exchange information over fears it was a hacking target.
Department chiefs and deputy chiefs were members of the group chat on the encrypted messaging app, according to three Commission officials with knowledge of the issue. The embargo comes as the EU grapples with a series of spying allegations, with the Commission saying last week it was investigating a cyberattack on its websites.
“Cyber operations” are “increasing in quality and quantity” including from both data-hungry criminals and foreign governments, said Sven Herpig, a cybersecurity and emerging threats researcher at German think tank Interface. “Politicians and political parties have always been targeted” by spies and snoops, he added.
The Commission became aware of the group chat last month and asked its members to delete it fearing they could be targeted by hackers, two of the officials said. There is no evidence any member of the group was intercepted, and the order to stop using the chat was issued due to increasing security concerns about messaging apps in the institution, one of the officials said. Last month, a private telephone conversation between a POLITICO reporter and an EU official was intercepted and published online.
Two other Commission officials and one of the officials mentioned above, all of whom were granted anonymity to speak freely about sensitive matters, confirmed that members of commissioners' cabinets and other senior bureaucrats had received messages asking them to enter their Signal PIN codes, which were identified as phishing attempts.
“Signal is pretty secure, but if an attacker owns your phone, they might have access to your chats, including your pictures and everything else you have on your phone,” Herpig said. “If you want to communicate as a politician, as a parliamentarian … you don’t have any better options."
Users of the messaging app WhatsApp have also been targeted, although attempted hacks have lately been more common in Signal, two of the officials said.
The Commission's official guidance for its employees suggests they should avoid WhatsApp and instead use Signal, which cybersecurity experts regard as more secure.
A Commission spokesperson said: "We do not comment on internal security practices. We take cybersecurity risks very seriously and have clear internal guidelines for our staff."
The institution is taking the recent spate of attacks seriously, holding comprehensive cybersecurity assessments and regularly replacing officials' phones and devices, two Commission officials said.
The Commission is investigating a cyberattack on its websites, with early findings suggesting some data was stolen, the institution said Friday. In January the Commission said it had found evidence of a cyberattack on the technical infrastructure it uses to manage its mobile devices, which “may have resulted” in hackers gaining access to staff names and mobile numbers.
Hacking and Signal vulnerability is an issue not just for the Commission. Intelligence services in the Netherlands warned last month of a “large-scale global cyber campaign,” in which hackers from the Kremlin posed as a fake Signal support chatbot to trick officials into revealing their app PIN codes. French, German, Portuguese and British security services issued similar alerts.
“The best option you have right now is Signal, Threema, and after that, to a certain degree, WhatsApp,” said Herpig of Interface. Threema is a Swiss-developed encrypted messaging app.
Signal and WhatsApp lack features required for government comms, said Matthew Hodgson, chief executive of Element, a company that built tech used by multiple European governments for secure messaging apps. "You can't kick somebody out of a WhatsApp group if they get fired from the government. You have no single sign-on, no authentication access control … you have a single point of failure."
The use of Signal by government officials drew a spotlight last year after the editor-in-chief of U.S. magazine The Atlantic was accidentally added to a Signal group chat containing some of the most senior members of the U.S. government, including Vice President JD Vance, in which they discussed detailed military plans — in a breach of security dubbed Signalgate. The episode highlighted the extent to which commercial messaging apps have become embedded in government operations.
lookout.com - Massistant is a mobile forensics application used by law enforcement in China to collect extensive information from mobile devices.
Researchers at the Lookout Threat Lab have discovered a mobile forensics application named Massistant, used by law enforcement in China to collect extensive information from mobile devices. This application is believed to be the successor to a previously reported forensics tool named “MFSocket” used by state police and reported by various media outlets in 2019. These samples require physical access to the device to install, and were not distributed through the Google Play store.
Forensics tools are used by law enforcement personnel to collect sensitive data from a device confiscated by customs officials, at local or provincial border checkpoints or when stopped by law enforcement officers.
These tools can pose a risk to enterprise organizations with executives and employees that travel abroad - especially to countries with border patrol policies that allow them to confiscate mobile devices for a short period of time upon entry. In 2024, the Ministry of State Security introduced new legislation that would allow law enforcement personnel to collect and analyze devices without a warrant. There have been anecdotal reports of Chinese law enforcement collecting and analyzing the devices of business travellers. In some cases, researchers have discovered persistent, headless surveillance modules on devices confiscated and then returned by law enforcement such that mobile device activity can continue to be monitored even after the device has been returned.
This report details a newly identified and active fraud campaign, highlighting the emergence of sophisticated mobile malware leveraging innovative techniques:
Lookout researchers have discovered a novel Android surveillance tool dubber KoSpy. It is attributed to APT 37 aka ScarCruft
iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.
A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.
The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.
Laptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company's file servers.
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.
Ukraine's biggest mobile network operator was hit on Tuesday by what appeared to be the largest cyberattack of the war with Russia so far, knocking out mobile and internet services for millions and the air raid alert system in parts of Kyiv region.
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.
The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.
A new study by Juniper Research has found operators will generate $27 billion from the termination of SMS messages related to multi-factor authentication in 2022; an increase from $25 billion in 2021. The research predicts this 5% growth will be driven by increased pressure on digital service providers to offer secure authentication that reduces risk of data breaches and protects user identity. Multi-factor authentication combines multiple credentials to verify a user or transaction. This includes sending an SMS that contains a one‑time password or code to a user’s unique phone number.
Vodafone Portugal, one of the country’s leading telecommunications companies, said Tuesday it had been hacked though no confidential customer data was compromised
