Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative

Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative

Shift comes amid mounting reports of successful social engineering attacks targeting higher-ups in government

The Polish government is urging public officials and "entities within the National Cybersecurity System" to stop using Signal, directing them to instead use an encrypted messenger developed by a leading Polish research organization.In an announcement on Friday, the government stated that Signal comes with security risks, including social engineering attacks orchestrated by advanced persistent threat (APT) groups."National-level Computer Security Incident Response Teams (CSIRTs) have identified phishing campaigns conducted by APT groups linked to hostile state agencies," the announcement says. "These attacks target, among others, public figures and government employees."

Offering examples of these social engineering campaigns, the government said attackers impersonate Signal support staff and abuse this perceived trust to take over victims' accounts.

Attackers trick users into opening malicious links by sending messages designed to create a sense of urgency, such as those supposedly informing them of their account being blocked. Successful attempts can expose victims' phone numbers and, crucially, messages sent between government officials, potentially threatening national security.A more detailed advisory cited "recent security incidents" related to Signal as reasons for the change. It didn't specify what these recent attacks were, or even who was behind them, but it can be reasonably assumed that the Polish government was indirectly referencing Russia's phishing attempts against both Signal and WhatsApp, which were revealed in March.