U.S. offers $10 million for hackers targeting WhatsApp, Signal users

The US Department of State has announced a $10 million reward for information that can help identify and locate members of two Russian-backed hacker groups targeting WhatsApp and Signal users. The “Rewards for Justice” program is designed to track down foreign state actors carrying out cyberattacks against US critical infrastructure, including government officials, military personnel, and allies.

The two hacker groups in question, UNC5792 and UNC4221, are linked to Russia’s intelligence and military services. According to the US government, UNC5792 has been conducting widespread phishing campaigns targeting Signal and WhatsApp accounts of high-ranking US officials and their counterparts around the world. The hackers use sophisticated tactics to trick users into revealing sensitive data, including backup recovery keys for the encrypted messaging app Signal.

The FBI and CISA have updated an advisory on these threat groups, warning that they are now impersonating Signal support agents in direct messages to targets, instructing them to complete a mandatory two-factor verification process. This is actually a ruse to obtain the user’s data backup key, which would grant access to their previous communications on the platform. While communication platforms and their encryption haven’t been compromised, these attacks can still be highly effective at siphoning private data.

The US government has emphasized that typical targets of this activity are government officials, diplomats, defense personnel, intelligence analysts, journalists covering Russia and Ukraine, NGOs supporting Ukraine, and security researchers focused on Russian affairs. Signal users should be aware that real support teams communicate exclusively through official company email addresses and never ask users to provide verification codes within the application or send links requesting account verification.

It’s worth noting that these attacks are not limited to a few individuals; thousands of commercial messaging app accounts have been compromised in this way. The fact that communication platforms like Signal offer end-to-end encryption does not mean their users are immune to these types of attacks. Instead, the hackers exploit user behavior and psychology to trick targets into revealing sensitive information.

If you use Signal or any other encrypted messaging service, it’s essential to be cautious when receiving unsolicited messages or requests for verification. Always verify the authenticity of support communications by checking official company email addresses and being wary of links or requests that seem too good (or bad) to be true.



Source: Bleeping Computer — 2026-06-29