Poland has ordered government officials to stop using Signal for sensitive communications, transitioning instead to state-developed platforms following targeted phishing campaigns by Russian-backed cyber espionage groups.

Key Points

• The Polish Ministry of Digital Affairs identified persistent social engineering attacks where hackers impersonated Signal support staff to steal verification codes.
• Attackers utilized malicious QR codes and links to gain unauthorized access to private chats, group messages, and sensitive conversation histories.
• Government personnel are transitioning to mSzyfr Messenger, an encrypted tool managed by the national research institute NASK-PIB.
• Officials will also utilize SKR-Z, a secure, isolated network specifically designed for handling classified communications up to the "Restricted" level.
• This policy shift replaces the previous recommendation of Threema, which had been the government-approved standard since 2022.

Why it Matters

• This move highlights the growing trend of European governments abandoning public messaging apps in favor of sovereign, domestically controlled communication infrastructure to mitigate state-sponsored espionage. While these platforms offer greater administrative oversight, they also shift the burden of security from widely audited commercial software to internal national systems.