The US government has announced a $10 million bounty for information leading to the identification of Russian state hackers who have been targeting high-profile individuals, including current and former government officials, military leaders, journalists, and politicians. The threat actors, tracked as UNC5792 and UNC4221, are linked to the Russian intelligence services (RIS) and have been using phishing campaigns to gain access to sensitive information.
The attacks involve exploiting legitimate features in popular messaging apps such as Signal and WhatsApp, posing as automated support accounts to trick victims into sharing verification codes or clicking on links that compromise their accounts. The hackers have also been asking victims for their Backup Recovery Keys, which can be used to access historical conversations, including private and group messages.
If a victim shares their Backup Recovery Key, it remains valid even if they create a new account using the same phone number. This means that an actor holding the compromised key could potentially use it to take over the new account in the future as well. To prevent this, users need to generate a new Backup Recovery Key, which invalidates the previous one.
However, CISA and the FBI warn that even after a new Backup Recovery Key is generated, the actor may have already downloaded a backup of the original account. In that case, invalidating the old key does not undo the exposure: whatever that backup contained, including government communications and contact lists, is already in the actor's hands.
The US government is seeking information on the threat actors’ affiliation with RIS, their infrastructure and tooling, funding sources, and financial networks, including bank accounts, cryptocurrency wallets, and transactions. The bounty offers up to $10 million for information leading to the identification of UNC5792 actors, including their names, location, and biographies.
The targeting of high-profile individuals using social engineering techniques is a disturbing trend that highlights the ongoing threat posed by Russian state hackers. Because these attacks now include requests for Backup Recovery Keys, a successful phish can expose historical conversations as well as the live account, making it essential for users to be vigilant when dealing with sensitive information.
To protect themselves from such attacks, users should be wary of messages from accounts claiming to be automated support, and should avoid sharing verification codes or Backup Recovery Keys or clicking on suspicious links. If they suspect their account has been compromised, they should generate a new Backup Recovery Key as soon as possible to prevent further access by hackers.
Source: SecurityWeek — 2026-06-29