US offers $10 million for info on group behind Signal and WhatsApp hacking spree

by | Jul 17, 2026 | Technology

News summary produced by Claude AI

Federal authorities have announced a substantial reward for intelligence regarding a Russian state-sponsored cyber operation targeting encrypted messaging platforms. The campaign, attributed to two Russian government-linked groups designated UNC5792 and UNC4221, has compromised thousands of Signal and WhatsApp accounts belonging to high-value targets including current and former US government officials, military leadership, and investigative journalists.

The operation has been active since at least March, when the FBI first issued warnings about phishing campaigns impersonating automated support communications. The attackers employed deceptive messages requesting users click links or provide verification codes and account credentials. Successful compromise allowed attackers to access new messages on the targeted accounts, though Signal’s security architecture prevented access to previous conversations.

In recent developments, the campaign tactics evolved beyond account linking attempts. Messages now direct targets to create backups of their communications and provide the encryption passcodes needed to access those backups. Some variants misuse Signal’s group invitation feature by redirecting users to malicious URLs that link attacker-controlled devices to victim accounts. The FBI confirmed these attacks exploited no vulnerabilities in the platforms’ encryption protections but succeeded through social engineering techniques.

On Monday, the US State Department announced a reward of up to $10 million through its Reward for Justice program for information identifying or locating individuals involved in the campaign. The program specifically seeks intelligence on UNC5792, associated with the Russian Federal Security Service Border Guards, and UNC4221, linked to Russian military services. Officials noted that while the technical methods employed were relatively unsophisticated, phishing remains highly effective against individuals experiencing fatigue or lapses in vigilance.

Security experts recommend users resist the sense of urgency conveyed in such messages and advise that account holders who provided backup recovery keys should generate new ones, though this does not prevent attackers from accessing previously downloaded backups.

Article Attribution | Read More at Article Source