politico.eu
April 1, 2026 8:54 pm CET
By Zoya Sheftalovich, Sam Clark and Sebastian Starcevic

European Commission department chiefs and their deputies were told to stop gabbing on the encrypted app following a series of cyberattacks on the EU’s internal communications.

BRUSSELS — The European Commission has told some of its most senior officials to shut down a Signal group they were using to exchange information over fears it was a hacking target.

Department chiefs and deputy chiefs were members of the group chat on the encrypted messaging app, according to three Commission officials with knowledge of the issue. The embargo comes as the EU grapples with a series of spying allegations, with the Commission saying last week it was investigating a cyberattack on its websites.

“Cyber operations” are “increasing in quality and quantity” including from both data-hungry criminals and foreign governments, said Sven Herpig, a cybersecurity and emerging threats researcher at German think tank Interface. “Politicians and political parties have always been targeted” by spies and snoops, he added.

The Commission became aware of the group chat last month and asked its members to delete it fearing they could be targeted by hackers, two of the officials said. There is no evidence any member of the group was intercepted, and the order to stop using the chat was issued due to increasing security concerns about messaging apps in the institution, one of the officials said. Last month, a private telephone conversation between a POLITICO reporter and an EU official was intercepted and published online.

Two other Commission officials and one of the officials mentioned above, all of whom were granted anonymity to speak freely about sensitive matters, confirmed that members of commissioners' cabinets and other senior bureaucrats had received messages asking them to enter their Signal PIN codes, which were identified as phishing attempts.

“Signal is pretty secure, but if an attacker owns your phone, they might have access to your chats, including your pictures and everything else you have on your phone,” Herpig said. “If you want to communicate as a politician, as a parliamentarian … you don’t have any better options."

Users of the messaging app WhatsApp have also been targeted, although attempted hacks have lately been more common in Signal, two of the officials said.

The Commission's official guidance for its employees suggests they should avoid WhatsApp and instead use Signal, which cybersecurity experts regard as more secure.

A Commission spokesperson said: "We do not comment on internal security practices. We take cybersecurity risks very seriously and have clear internal guidelines for our staff."

The institution is taking the recent spate of attacks seriously, holding comprehensive cybersecurity assessments and regularly replacing officials' phones and devices, two Commission officials said.

The Commission is investigating a cyberattack on its websites, with early findings suggesting some data was stolen, the institution said Friday. In January the Commission said it had found evidence of a cyberattack on the technical infrastructure it uses to manage its mobile devices, which “may have resulted” in hackers gaining access to staff names and mobile numbers.

Hacking and Signal vulnerability is an issue not just for the Commission. Intelligence services in the Netherlands warned last month of a “large-scale global cyber campaign,” in which hackers from the Kremlin posed as a fake Signal support chatbot to trick officials into revealing their app PIN codes. French, German, Portuguese and British security services issued similar alerts.

“The best option you have right now is Signal, Threema, and after that, to a certain degree, WhatsApp,” said Herpig of Interface. Threema is a Swiss-developed encrypted messaging app.

Signal and WhatsApp lack features required for government comms, said Matthew Hodgson, chief executive of Element, a company that built tech used by multiple European governments for secure messaging apps. "You can't kick somebody out of a WhatsApp group if they get fired from the government. You have no single sign-on, no authentication access control … you have a single point of failure."

The use of Signal by government officials drew a spotlight last year after the editor-in-chief of U.S. magazine The Atlantic was accidentally added to a Signal group chat containing some of the most senior members of the U.S. government, including Vice President JD Vance, in which they discussed detailed military plans — in a breach of security dubbed Signalgate. The episode highlighted the extent to which commercial messaging apps have become embedded in government operations.

politico.eu – POLITICO
March 25, 2026 1:48 am CET
By Zoya Sheftalovich

“Our internal reviews have found no evidence that any devices, networks or systems have been compromised,” POLITICO says in email to staff.

BRUSSELS ― POLITICO launched a security review after a private telephone conversation between one of its reporters and an EU official about issues connected to Hungary and Ukraine was apparently intercepted and the recording published online.

The nine-minute audio clip, from a call that took place on March 3, was uploaded to YouTube on March 16. It has been listened to 5,100 times, according to YouTube data.

“Our internal reviews have found no evidence that any devices, networks or systems have been compromised,” Kate Day, POLITICO’s senior executive editor in Europe, and Carrie Budoff Brown, POLITICO’s executive editor and executive vice president, said in an email to employees on Wednesday.

“We will not be intimidated by an apparent attempt to interfere with independent reporting — nor deterred from the important work we do,” they wrote. “We have always been and will remain vigilant in protecting our sources, supporting the work of our journalists, and maintaining the accuracy of our independent, nonpartisan reporting.”

The issue comes at a time when leaks of confidential EU information are in the spotlight ahead of the Hungarian general election on April 12. In a report on Saturday, the Washington Post said that Viktor Orbán’s government maintained close contacts with Moscow throughout the war in Ukraine, and Hungarian Foreign Minister Péter Szijjártó used breaks during meetings with other member countries to update his Russian counterpart.

A spokesperson for the EU institution where the official works declined to comment on “tapes produced by unknown and anonymous actors.” POLITICO is not identifying the EU official because the call wasn’t on the record.

POLITICO has not been able to determine how the recording may have been obtained and who was responsible for posting it to YouTube.

‘Chilling message’
Several Slovak and Hungarian news websites wrote articles about the recording and published partial transcripts.

“Hacking and the disclosure of journalists’ materials strike at the heart of press freedom and the protections we must be able to rely on as reporters,” said President of the International Press Association in Brussels Dafydd ab Iago. “This is illegal under Belgian law, and it sends a chilling message not only to journalists in Brussels but also to our sources here … The harder question is how to pursue those state actors, whether operating from within the EU or from a third country like Russia.”

On Monday, the Orbán-aligned Hungarian newspaper Mandiner — one of the first outlets that wrote about the conversation — published a separate exchange between independent Hungarian journalist Szabolcs Panyi and a contact. The material was received via a “mysterious email” from an individual identifying himself as “the fourth branch of power,” according to the article’s author.

“We have important stories to tell and work to do and remain focused on maintaining the rigor, independence and purpose that our audience expects from us,” Day and Budoff Brown said in their email.

February 13, 2026 12:36 pm CET
By Antoaneta Roussi

“We also have to have offensive capacity,” says Commissioner Henna Virkkunen.

Europe must be able to strike back in cyberspace, as the strategy to deter adversaries is no longer enough, the EU executive's tech and security chief told POLITICO.
“It’s not enough that we are just defending ... We also have to have offensive capacity,” the European Commission's Executive Vice President Henna Virkkunen said in an interview on the sidelines of the Munich Security Conference on Friday.
For years, European capitals have held back from stating publicly that they support offensive cyber operations — known as "hacking back" — because of fears that such operations could trigger retaliation and escalation from countries like Russia, China and others.
But the tide is turning, as EU states including Germany, Latvia and others warm to the idea of conducting offensive cyber operations. The European Commission also mentioned the need for both defensive and offensive cyber capabilities in its defense white paper in December.
Virkkunen said the Commission is also identifying critical areas and industries where Europe wants more control over its data. It is part of a broader push to reduce dependence on foreign technology and build a homegrown tech and cyber industry in Europe.
“We don’t want to have risky dependencies in any critical fields,” she said. “That doesn’t mean we plan to do everything on our own. When we don’t have certain capacities ourselves, we are very willing to work with like-minded partners to build resilient supply chains.”

politico.eu
January 28, 2026 4:16 pm CET
By Sam Clark

Europe is investing heavily in security but not enough in cyber, bloc’s cyber agency chief says.

BRUSSELS — The European Union urgently needs to rethink its cyber defenses as it faces an unprecedented volume and pace of attacks, the head of the bloc's cyber agency told POLITICO.

“We are losing this game,” said Juhan Lepassaar, the executive director of the EU's Agency for Cybersecurity (ENISA). “We are not catching up, we're losing this game, and we're losing massively.”

Europe has been pummeled with damaging cyberattacks in recent years, which have shut down major airports, disrupted elections and crippled hospitals. Just in the past week, cyber experts pinned an attempted attack on Poland’s power grid on Russia, and the president of Germany's Bundesbank said in an interview that the central bank faced over 5,000 cyberattacks every minute.

The cyber threats come as Europe deals with war on its eastern border, China's growing power over the global technology market and an increasingly unfriendly United States. In the past year, European countries have pledged to boost defense spending and the EU has shaped many of its policies around security and self-reliance.

Investing in security services but not in cybersecurity creates a “loophole,” Lepassaar warned.

The agency chief's warnings come one week after the European Commission presented a proposal to overhaul its Cybersecurity Act legislation. The bill would allow the EU's cyber agency, based in Athens, to expand its personnel by 118 full-time staff and to spend more on operational costs. The agency now has approximately 150 staff.

But Lepassaar lamented that wasn't nearly enough. He drew a comparison to EU police agency Europol and EU border agency Frontex, which have more than 1,400 and more than 2,500 staff respectively, with more resources on the way.

“We just don't need an upgrade. We need a rethink," he said. “Doubling the capacity is the absolute minimum."

The European Union has fallen short in cyber investment for years and it needs to build an entire new EU-level cyber infrastructure, the agency chief said.

Europe needs to 'step up'
When Lepassaar took charge of the agency in 2019, Europe was in a “totally different environment," he said.

In 2019, approximately 17,000 software flaws were added to a global database logging such vulnerabilities; in 2025, more than 41,000 were added, he said. And in 2019, it took hackers approximately two months on average to use those flaws in an attack, but now it took only one day on average, he said, citing industry and government data.

The cybersecurity industry has warned it now takes hackers far less time to exploit glitches, in part because of AI.

Just as Europe has pledged to take greater responsibility for its physical security, it must do the same in cyberspace, said Lepassaar — an Estonian who previously headed the office of European Commissioner for Digital Affairs Andrus Ansip.

In areas such as cataloging and managing cyber vulnerabilities — an obscure but critical area of cybersecurity — the only organizations systematically working on the problem have long been U.S.-based, Lepassaar said. “We all reap the benefits for free … it's needed that we now step up and take our fair share of this.”

MITRE, a U.S.-based nonprofit group, manages a global database of cyber flaws on which the entire industry relies. It nearly lost funding last year before being bailed out by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

European startups and small businesses benefit from a system whose security is “backed up only by MITRE and CISA,” Lepassaar said.

ENISA has started operating a database of cyber flaws — though this was planned before MITRE nearly lost its funding — and recently took on a key technical role that further embeds it at the core of global cybersecurity infrastructure.

“It's part of our obligation as Europe to take our fair share from this,” Lepassaar said.

politico.eu
November 24, 2025 9:12 pm CET
By Mathieu Pollet

“We cannot afford this level of dependence on foreign tech,” lawmakers say in letter obtained by POLITICO.

BRUSSELS — A cross-party group of lawmakers will urge the European Parliament to ditch internal use of Microsoft’s ubiquitous software in favor of a European alternative, according to a letter obtained by POLITICO.

The call comes amid fresh concerns that the dominance of a handful of U.S. tech giants has become too much of a liability for Europe’s security and prosperity, and as the U.S. administration renewed demands for digital concessions at a meeting in Brussels on Monday.

In the scathing letter to be delivered to Parliament President Roberta Metsola on Tuesday, 38 lawmakers also list the screens, keyboards and mouses from Dell, HP and LG — in use across the chamber’s IT systems — as technology that should be ditched.

“With its thousands of employees and vast resources, the European Parliament is best positioned to galvanise the push for tech sovereignty,” the letter reads. “When even old friends can turn into foes and their companies into a political tool, we cannot afford this level of dependence on foreign tech, let alone continue funneling billions of taxpayers' money abroad.”

The lawmakers cite a broad range of European alternatives they argue are viable solutions: from Norwegian internet browser Vivaldi, French search engine Qwant and Swiss secure email suite Proton to German collaboration platform Nextcloud.

“Our mid-term goal should be the complete phase-out of Microsoft products, including the Windows operating system. It’s easier than it sounds,” the lawmakers say, praising the International Criminal Court’s recent move to drop Microsoft over U.S. sanction fears.

The letter is signed by influential members including MEPs Aura Salla and Mika Aaltola from the center-right EPP; Birgit Sippel and Raphaël Glucksmann from the center-left S&D; Stéphanie Yon-Courtin and Marie-Agnes Strack-Zimmermann from the centrist Renew Europe group; Alexandra Geese and Kim van Sparrentak from the Greens; and Leïla Chaibi and Merja Kyllönen from The Left.

“The Parliament's vehicle fleet is almost entirely made up of cars from European brands. The same can be replicated for end-product computer hardware,” they argue. They call to set up a task group of lawmakers and Parliament staffers to help and monitor that transition.

“With enough political will, we will have freed this institution from the danger of foreign tech dependency by the end of the mandate,” they write.

Last week saw Germany swing behind a long-standing push from France to make Europe more reliant on its own technology companies and chart its digital independence from the U.S., at a political summit in Berlin.

Austrian centrist lawmaker Helmut Brandstätter, who coordinated the initiative, said in a statement: “Right now, the European Parliament runs on foreign software that can be switched off, monitored, or politically weaponised overnight. That is not just inconvenient, it is a strategic vulnerability," adding this isn't “anti-American” but “pro European sovereignty.”

“Microsoft is proud to offer the broadest set of sovereignty solutions on the market today,” Robin Koch, a spokesperson for the company, said in a statement. “We will continue to look for new ways to ensure the European Parliament and our other European customers have the options and assurances they need to operate with confidence.”

Cyberattacks are part of Russia’s hybrid warfare strategy, designed not only to cause harm, but to “demonstrate what they are capable of.”

The Norwegian Police Security Service suspects pro-Russian hackers sabotaged a dam in southwestern Norway in April.

Norwegian daily newspaper VG reported that the hackers breached the dam’s control system, opening valves for four hours, sending large amounts of water gushing forth until the valves could be shut.

The chief of the Norwegian Police Security Service (PST) Beate Gangås, disclosed the incident during a presentation on pro-Russian cyber operations at a public event on Wednesday.

According to VG, Gangås said that the number of cyberattacks on Western infrastructure was increasing, often not to cause damage but to “demonstrate what they are capable of.” She also said Norway should be prepared for further hacking attacks.

At the same event, Nils Andreas Stensønes, head of the Norwegian Intelligence Service said that Russia was the biggest threat to Norway’s security.

Cyberattacks on Western targets are part of Russia’s hybrid warfare strategy. In another water-related case in January 2024, a hacking group breached a Texas water facility’s system, causing it to overflow. The suspected hackers are linked to the Kremlin.

The dam is located in the municipality of Bremanger, approximately 150 kilometers north of the city of Bergen. Local media say that the dam is not used for energy production and that the hackers might have exploited a security gap created by a weak password.