The U.
Thank you for being a Ghacks reader. The post US Offers $10 Million Bounty for Information on Russian Hackers Targeting Signal and WhatsApp Users appeared first on gHacks.
The U.S. Department of State has announced a reward of up to $10 million for information leading to the identification or location of members of the hacker groups UNC5792 and UNC4221.
These groups are linked to Russia's intelligence and military agencies. This offer is part of the State Department's Rewards for Justice program.
The groups have carried out extensive phishing campaigns targeting Signal and WhatsApp accounts of U.S. government officials, military leaders, and allied personnel.
UNC5792 is associated with the Russian Federal Security Service Border Guards, while UNC4221 is described as operating on behalf of Russian military services.
Last week, the FBI and CISA updated a March 2026 advisory with new tactics observed in attacks attributed to these groups.
The U.S. government is seeking information regarding the UNC5792 group and their support personnel. They want details on the names, locations, biographies, and affiliations of these actors and their team members.
Additionally, they are interested in connections to Russian intelligence agencies, contractors, and third-party service providers. The request includes information about the group's operational infrastructure, such as domains, servers, hosting environments, data storage solutions, tools, frameworks, and software used.
They are also looking into funding sources, financial accounts, banking relationships, and payment methods. Finally, they seek details on cryptocurrency wallets, blockchain transactions, and financial networks that support the group's operations.
The attacks do not exploit vulnerabilities in Signal's or WhatsApp's encryption. Instead, they rely on social engineering tactics aimed at users to obtain access details.
According to FBI and CISA, attackers pose as Signal support representatives in direct messages, claiming a mandatory two-factor verification is needed.
This is a scam designed to persuade users to share their Signal Backup Recovery Key, which provides access to their previous communications on the platform.
Once the attackers have the backup key, they can restore the victim's Signal data to a device they control and view past messages.
The US government has confirmed that thousands of individual accounts have been compromised across both Signal and WhatsApp through these methods.
The main targets include:
Although the focus is mostly on individuals in government and policy roles, the techniques employed can be modified to target any high-value person.
Users on Signal and WhatsApp should follow these practices to stay protected:
Signal's official support team communicates only through official email addresses and does not send in-app direct messages or outreach through unsolicited contacts.
Anyone with information that could help identify or find members of UNC5792 or UNC4221 is encouraged to contact the Rewards for Justice program.
Tips can be submitted through its website or via encrypted channels designed for sensitive sources. The $10 million reward is among the highest offered by the program, indicating the serious and ongoing threat posed.
Past cases have seen rewards paid for information leading to the identification or capture of state-sponsored cyber actors.
The bounty announcement is part of the broader US response to Russian cyber operations targeting US and allied interests.
The attacks on Signal and WhatsApp do not indicate a vulnerability in the platforms themselves but show how attackers are adapting to encrypted messaging by targeting users directly instead of exploiting encryption.
For those not in the targeted groups, these attacks serve as a reminder that even highly encrypted messaging services can be compromised through social engineering.
Maintaining good operational security, such as being cautious with unsolicited messages and protecting recovery keys, remains important regardless of the strength of the encryption.