U.S. puts $10M bounty on Russian hackers targeting Signal and WhatsApp users
The U.S. government has put a $10 million price tag on the heads of two Russian-linked hacking groups accused of infiltrating Signal and WhatsApp accounts through phishing attacks. The State Department’s Rewards for Justice program is now offering the reward for information leading to the identification or location of members of UNC5792 and UNC4221—groups Washington says target government officials, journalists, military personnel, and political figures.
A shift in tactics: from codes to recovery keys
Instead of stealing simple verification codes, these hackers have refined their approach. They now trick victims into revealing Signal Backup Recovery Keys, granting them access to past conversations and full account data. The change reflects a broader evolution in Russian cyber operations, moving away from brute-force methods toward social engineering that exploits features designed to improve user experience. By abusing legitimate device-linking functions in secure messaging apps, the attackers can silently connect their own devices to victims’ accounts and siphon sensitive information.
Who’s in the crosshairs—and why it matters
Targets include U.S. and allied officials, defense personnel, NATO diplomats, investigative journalists covering Russia and Ukraine, NGOs supporting Ukraine, and academic researchers. The FBI and CISA recently updated their 2026 advisory to highlight the new focus on recovery keys and to formally name the two groups, linking them to officers within the Russian Federal Security Service (FSB). Authorities are also seeking details on the groups’ funding streams, digital infrastructure, and any contractors or intermediaries that sustain their operations.
Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.