politico.eu
April 1, 2026 8:54 pm CET
By Zoya Sheftalovich, Sam Clark and Sebastian Starcevic
European Commission department chiefs and their deputies were told to stop gabbing on the encrypted app following a series of cyberattacks on the EU’s internal communications.
BRUSSELS — The European Commission has told some of its most senior officials to shut down a Signal group they were using to exchange information over fears it was a hacking target.
Department chiefs and deputy chiefs were members of the group chat on the encrypted messaging app, according to three Commission officials with knowledge of the issue. The embargo comes as the EU grapples with a series of spying allegations, with the Commission saying last week it was investigating a cyberattack on its websites.
“Cyber operations” are “increasing in quality and quantity” including from both data-hungry criminals and foreign governments, said Sven Herpig, a cybersecurity and emerging threats researcher at German think tank Interface. “Politicians and political parties have always been targeted” by spies and snoops, he added.
The Commission became aware of the group chat last month and asked its members to delete it fearing they could be targeted by hackers, two of the officials said. There is no evidence any member of the group was intercepted, and the order to stop using the chat was issued due to increasing security concerns about messaging apps in the institution, one of the officials said. Last month, a private telephone conversation between a POLITICO reporter and an EU official was intercepted and published online.
Two other Commission officials and one of the officials mentioned above, all of whom were granted anonymity to speak freely about sensitive matters, confirmed that members of commissioners' cabinets and other senior bureaucrats had received messages asking them to enter their Signal PIN codes, which were identified as phishing attempts.
“Signal is pretty secure, but if an attacker owns your phone, they might have access to your chats, including your pictures and everything else you have on your phone,” Herpig said. “If you want to communicate as a politician, as a parliamentarian … you don’t have any better options."
Users of the messaging app WhatsApp have also been targeted, although attempted hacks have lately been more common in Signal, two of the officials said.
The Commission's official guidance for its employees suggests they should avoid WhatsApp and instead use Signal, which cybersecurity experts regard as more secure.
A Commission spokesperson said: "We do not comment on internal security practices. We take cybersecurity risks very seriously and have clear internal guidelines for our staff."
The institution is taking the recent spate of attacks seriously, holding comprehensive cybersecurity assessments and regularly replacing officials' phones and devices, two Commission officials said.
The Commission is investigating a cyberattack on its websites, with early findings suggesting some data was stolen, the institution said Friday. In January the Commission said it had found evidence of a cyberattack on the technical infrastructure it uses to manage its mobile devices, which “may have resulted” in hackers gaining access to staff names and mobile numbers.
Hacking and Signal vulnerability is an issue not just for the Commission. Intelligence services in the Netherlands warned last month of a “large-scale global cyber campaign,” in which hackers from the Kremlin posed as a fake Signal support chatbot to trick officials into revealing their app PIN codes. French, German, Portuguese and British security services issued similar alerts.
“The best option you have right now is Signal, Threema, and after that, to a certain degree, WhatsApp,” said Herpig of Interface. Threema is a Swiss-developed encrypted messaging app.
Signal and WhatsApp lack features required for government comms, said Matthew Hodgson, chief executive of Element, a company that built tech used by multiple European governments for secure messaging apps. "You can't kick somebody out of a WhatsApp group if they get fired from the government. You have no single sign-on, no authentication access control … you have a single point of failure."
The use of Signal by government officials drew a spotlight last year after the editor-in-chief of U.S. magazine The Atlantic was accidentally added to a Signal group chat containing some of the most senior members of the U.S. government, including Vice President JD Vance, in which they discussed detailed military plans — in a breach of security dubbed Signalgate. The episode highlighted the extent to which commercial messaging apps have become embedded in government operations.
politico.eu – POLITICO
March 25, 2026 1:48 am CET
By Zoya Sheftalovich
“Our internal reviews have found no evidence that any devices, networks or systems have been compromised,” POLITICO says in email to staff.
BRUSSELS ― POLITICO launched a security review after a private telephone conversation between one of its reporters and an EU official about issues connected to Hungary and Ukraine was apparently intercepted and the recording published online.
The nine-minute audio clip, from a call that took place on March 3, was uploaded to YouTube on March 16. It has been listened to 5,100 times, according to YouTube data.
“Our internal reviews have found no evidence that any devices, networks or systems have been compromised,” Kate Day, POLITICO’s senior executive editor in Europe, and Carrie Budoff Brown, POLITICO’s executive editor and executive vice president, said in an email to employees on Wednesday.
“We will not be intimidated by an apparent attempt to interfere with independent reporting — nor deterred from the important work we do,” they wrote. “We have always been and will remain vigilant in protecting our sources, supporting the work of our journalists, and maintaining the accuracy of our independent, nonpartisan reporting.”
The issue comes at a time when leaks of confidential EU information are in the spotlight ahead of the Hungarian general election on April 12. In a report on Saturday, the Washington Post said that Viktor Orbán’s government maintained close contacts with Moscow throughout the war in Ukraine, and Hungarian Foreign Minister Péter Szijjártó used breaks during meetings with other member countries to update his Russian counterpart.
A spokesperson for the EU institution where the official works declined to comment on “tapes produced by unknown and anonymous actors.” POLITICO is not identifying the EU official because the call wasn’t on the record.
POLITICO has not been able to determine how the recording may have been obtained and who was responsible for posting it to YouTube.
‘Chilling message’
Several Slovak and Hungarian news websites wrote articles about the recording and published partial transcripts.
“Hacking and the disclosure of journalists’ materials strike at the heart of press freedom and the protections we must be able to rely on as reporters,” said President of the International Press Association in Brussels Dafydd ab Iago. “This is illegal under Belgian law, and it sends a chilling message not only to journalists in Brussels but also to our sources here … The harder question is how to pursue those state actors, whether operating from within the EU or from a third country like Russia.”
On Monday, the Orbán-aligned Hungarian newspaper Mandiner — one of the first outlets that wrote about the conversation — published a separate exchange between independent Hungarian journalist Szabolcs Panyi and a contact. The material was received via a “mysterious email” from an individual identifying himself as “the fourth branch of power,” according to the article’s author.
“We have important stories to tell and work to do and remain focused on maintaining the rigor, independence and purpose that our audience expects from us,” Day and Budoff Brown said in their email.
Medical testing services provider Laboratory Services Cooperative (LSC) is notifying 1.6 million individuals that their personal information was stolen in an October 2024 data breach.
As part of the cyberattack, which was identified on October 27, a threat actor accessed LSC’s network and accessed and exfiltrated certain files containing patient and employee information.
GLASSBRIDGE is an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services.
In this new report, learn how threat actors are leveraging cloud services to target web services with ransomware attackers.
A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network. Learn more.
A cyber security expert warns the hack, uncovered by i, presents a 'terrible threat to public health safety'
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which…
Discover how SMS scammers are exploiting cloud storage to host scam websites with the intention of stealing sensitive information
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
#Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services
As demand for malicious proxy services continues, new players have entered the market. Black Proxies is marketed to other cybercriminals for their reliability, scope, and overwhelming number of IP addresses.
