Poland’s government is urging public-sector organizations to reduce their reliance on Signal for official communications and instead adopt domestically controlled encrypted messaging systems following a surge in phishing attacks targeting politicians, government personnel, and military staff.
Poland’s Government Plenipotentiary for Cybersecurity warned that advanced persistent threat (APT) groups linked to hostile foreign intelligence services are actively attempting to compromise Signal accounts belonging to public officials and employees of state institutions.
The recommendation, signed by Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski, specifically advises entities within Poland’s National Cybersecurity System (KSC) to use trusted government-managed communication platforms instead of commercial messaging applications for sensitive work.
The Ministry of Digital Affairs is recommending two nationally operated systems:
- mSzyfr — an encrypted messaging platform managed by Poland’s National Research Institute NASK for secure official communications
- SKR-Z — an isolated classified communications network designed for handling restricted information
According to the advisory, both systems operate entirely under Polish jurisdiction, with their infrastructure hosted in Poland and administered in accordance with national cybersecurity standards.
The move mirrors a broader European trend toward “digital sovereignty” in government communications. Earlier this month, Germany’s Bundestag similarly encouraged lawmakers to transition away from Signal and use the Wire messaging platform after phishing attacks targeted politicians.
Poland’s warning follows investigations by national CSIRT teams into ongoing phishing campaigns attributed to actors aligned with the interests of the Russian Federation. The attacks are reportedly aimed at politicians, public administrators, and military personnel as part of broader cyber-espionage operations.
The government stressed that Signal’s encryption itself has not been broken. Instead, attackers are abusing legitimate account-management features through social engineering.
The accompanying technical guidance from Poland’s Cyber Defense Forces Component Command (DKWOC) describes two primary attack methods.
In the first scenario, attackers impersonate Signal support personnel or automated security chatbots and send messages warning users about suspicious activity or account compromise. Victims are then tricked into sharing SMS verification codes and Signal PINs, allowing attackers to fully hijack their accounts.
The second technique involves malicious QR codes or links that secretly connect an attacker-controlled device to the victim’s Signal account. Once linked, attackers may gain access to private chats, group conversations, and message histories while remaining largely invisible to the victim.
Polish authorities are advising users to:
- Enable Signal’s “Registration Lock” feature
- Regularly review linked devices
- Never share SMS verification codes or PINs
- Avoid scanning QR codes from unsolicited messages
- Hide phone numbers within Signal
- Use usernames instead of publicly exposed phone numbers
The recommendation also explicitly warns officials not to use Signal for transmitting classified or sensitive information.
Leave a Reply