U.S. offers $10 million for hackers targeting WhatsApp, Signal users

The U.S. government is taking a bold step in its fight against cyberattacks by offering up to $10 million for information that can help identify or locate members of two Russian-backed hacker groups targeting WhatsApp and Signal users. The bounty is part of the “Rewards for Justice” (RFJ) program, which specifically targets foreign state actors carrying out cyberattacks against U.S. critical infrastructure.

The RFJ announcement focuses on UNC5792, a hacking group linked to Russia’s Federal Security Service (FSB) Border Guards, and UNC4221, a group working on behalf of the Russian military services. According to the government, these groups have been conducting widespread phishing campaigns targeting Signal and WhatsApp accounts of U.S. government officials, military leadership, and allied personnel.

The phishing attacks are designed to be highly convincing, with hackers impersonating Signal support agents in direct messages to targets. The goal is to trick users into revealing their data backup key, which would grant access to the victim’s previous communications on the platform. In fact, the RFJ announcement confirms that thousands of individual accounts for commercial messaging applications have been compromised through this method.

The typical targets of these attacks are U.S. and NATO government officials, diplomats, defense personnel, intelligence analysts, journalists covering Russia and Ukraine, NGOs supporting Ukraine, and researchers focused on security and Russian affairs. The fact that such a wide range of individuals is being targeted suggests the hackers are after sensitive information and may be working to compromise national security.

While communication platforms like Signal and WhatsApp offer robust encryption, these attacks can still be highly effective at siphoning private data. This is because the attackers are exploiting human psychology rather than technical vulnerabilities, making them a particularly insidious threat.

To avoid falling victim to such scams, Signal users should remember that real support teams communicate exclusively through official company email addresses and never ask users to provide verification codes within the application or send links requesting account verification, recovery, or restoration. This simple precaution can go a long way in protecting your private data from these highly sophisticated hackers.

Ultimately, this bounty serves as a stark reminder of the ongoing threat posed by state-sponsored hacking groups like UNC5792 and UNC4221. It also highlights the importance of vigilance in the face of increasingly sophisticated cyberattacks, where human psychology is often the weakest link in our defenses. By staying informed and taking simple precautions, we can all do our part to stay one step ahead of these hackers.


Source: Bleeping Computer — 2026-06-29