Poland urges officials to ditch Signal for state-run messaging apps
Skip to main content<br>Skip to after header navigation<br>Skip to site footer
Latest News
Poland urges officials to ditch Signal for state-run messaging apps
Microsoft: Edge 148 will stop loading cleartext passwords in memory
Mozilla calls on UK to exclude VPNs from age verification rules
Signal begins testing automatic key verification for encrypted chats
About
CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.<br>See our Mission >
Poland urges officials to ditch Signal for state-run messaging apps
May 18, 2026 By Amar Ćemanović — Leave a Comment<br>XLinkedInRedditFacebookShare
Poland’s government is urging public-sector organizations to reduce their reliance on Signal for official communications and instead adopt domestically controlled encrypted messaging systems following a surge in phishing attacks targeting politicians, government personnel, and military staff.
Poland’s Government Plenipotentiary for Cybersecurity warned that advanced persistent threat (APT) groups linked to hostile foreign intelligence services are actively attempting to compromise Signal accounts belonging to public officials and employees of state institutions.
The recommendation, signed by Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski, specifically advises entities within Poland’s National Cybersecurity System (KSC) to use trusted government-managed communication platforms instead of commercial messaging applications for sensitive work.
The Ministry of Digital Affairs is recommending two nationally operated systems:
mSzyfr — an encrypted messaging platform managed by Poland’s National Research Institute NASK for secure official communications
SKR-Z — an isolated classified communications network designed for handling restricted information
According to the advisory, both systems operate entirely under Polish jurisdiction, with their infrastructure hosted in Poland and administered in accordance with national cybersecurity standards.
The move mirrors a broader European trend toward “digital sovereignty” in government communications. Earlier this month, Germany’s Bundestag similarly encouraged lawmakers to transition away from Signal and use the Wire messaging platform after phishing attacks targeted politicians.
Poland’s warning follows investigations by national CSIRT teams into ongoing phishing campaigns attributed to actors aligned with the interests of the Russian Federation. The attacks are reportedly aimed at politicians, public administrators, and military personnel as part of broader cyber-espionage operations.
The government stressed that Signal’s encryption itself has not been broken. Instead, attackers are abusing legitimate account-management features through social engineering.
The accompanying technical guidance from Poland’s Cyber Defense Forces Component Command (DKWOC) describes two primary attack methods.
In the first scenario, attackers impersonate Signal support personnel or automated security chatbots and send messages warning users about suspicious activity or account compromise. Victims are then tricked into sharing SMS verification codes and Signal PINs, allowing attackers to fully hijack their accounts.
DKWOC
The second technique involves malicious QR codes or links that secretly connect an attacker-controlled device to the victim’s Signal account. Once linked, attackers may gain access to private chats, group conversations, and message histories while remaining largely invisible to the victim.
Polish authorities are advising users to:
Enable Signal’s “Registration Lock” feature
Regularly review linked devices
Never share SMS verification codes or PINs
Avoid scanning QR codes from unsolicited messages
Hide phone numbers within Signal
Use usernames instead of publicly exposed phone numbers
The recommendation also explicitly warns officials not to use Signal for transmitting classified or sensitive information.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
XLinkedInFacebookRedditShare
More from CyberInsider
Microsoft: Edge 148 will stop loading cleartext passwords in memory
Mozilla calls on UK to exclude VPNs from age verification rules
Signal begins testing automatic key verification for encrypted chats
iodéOS review: Privacy-focused Android that doesn’t get in your way
Pwn2Own Berlin 2026 concludes with $1.29 million paid for 47 zero-days
Microsoft Exchange zero-day chain nets DEVCORE $200K at Pwn2Own
About Amar Ćemanović
Amar Ćemanović is an experienced editor and trained engineer with a keen eye for detail and a passion for technology.
Based in Bosnia, Amar specializes in producing high-quality, engaging content. He holds a Master’s degree in engineering, which helps him maintain a meticulous approach to all editorial...