Ethical Hacking News
The United States is offering a $10 million reward for information leading to the identification or location of a group responsible for compromising thousands of Signal and WhatsApp accounts belonging to investigative reporters, US government employees, and other high-value targets. The operation involves phishing campaigns targeting these individuals and groups, with attackers masquerading as automated support communications to trick users into linking their account to an attacker's device or providing verification codes or account passcodes.
The US government is offering a $10 million reward for information leading to the identification or location of Russian state cyber groups responsible for compromising thousands of Signal and WhatsApp accounts.
The attackers can read new messages sent to compromised accounts, but Signal's safety feature prevents them from reading previous conversations.
Two Russian government groups, UNC5792 and UNC4221, have been identified as responsible for the attacks, which have been ongoing since at least March.
To mitigate risk, users must generate a new Backup Recovery Key within the Settings control to invalidate the previous key.
Legitimate commercial messaging application (CMA) support services should not request verification codes within the application, and users should never provide them without confirming that the request comes from a legitimate channel.
The US State Department's Reward for Justice program is being used to gather information on individuals involved in the campaign.
Phishing remains an effective means of gaining access to accounts, despite the relatively unsophisticated technical prowess required.
The United States government has announced a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group responsible for compromising thousands of Signal and WhatsApp accounts belonging to investigative reporters, US government employees, and other high-value targets. The operation, which has been ongoing since at least March, involves phishing campaigns targeting these individuals and groups, with attackers masquerading as automated support communications to trick users into linking their account to an attacker's device or providing verification codes or account passcodes.
According to the FBI, the attackers can read any new messages sent to compromised accounts, but a safety feature built into Signal prevents them from reading previous conversations. The campaign has already compromised thousands of messenger accounts, with some attackers using legitimate "group invite" pages to redirect users to malicious URLs that link a UNC5792-controlled device to the victim's Signal account.
The FBI has identified two Russian government groups responsible for the attacks: UNC5792 and UNC4221. Operations by these two groups have been ongoing since at least March, when the FBI published an advisory warning of ongoing phishing campaigns targeting high-value targets. The attackers have also used a feature that allows users to create links to invite others to group discussions, and in some cases, they have abused this feature to trick users into creating backups of their previous communications.
To mitigate this risk, the user must generate a new Backup Recovery Key within the Settings control; this action will invalidate the previous key for all future backup downloads. However, please note that this does not prevent the actor from having already downloaded a backup of the original account.
Legitimate CMA support services will not request verification codes within the application, and users should never provide a verification code without confirming that the request comes from a legitimate CMA communication channel. It is also recommended to resist the sense of urgency that such messages often convey, as there is rarely a penalty for waiting an extra hour or two to act.
The US State Department is offering this reward under its Reward for Justice program, which is being used to gather information on the identities or locations of any individuals involved in the campaign. The FBI has been working jointly with the US government and European partners to investigate these attacks and has identified several malicious cyber groups responsible, including UNC5792 and UNC4221.
The RFJ went on to say that the campaign has already compromised thousands of messenger accounts, and it may be hard for many to fathom the possibility of US intelligence officers, diplomats, or journalists falling for the scam. However, phishing remains one of the most effective means of gaining access to accounts, despite the relatively unsophisticated technical prowess required.
In this regard, Signal updates its Terms of Service & Privacy Policy and introduces Mandatory Two-factor Verification for users. The company also provides instructions on how to set up Signal backups to avoid losing messages and media, which can be accessed by going to Settings -> Backups -> Enable backups -> View recovery key -> Copy to clipboard -> Next -> Enter the recovery key -> Next -> Continue -> Choose your backup plan.
In addition, messenger users are advised to note that they should never provide a verification code without confirming the request comes from a legitimate CMA communication channel. They also should be aware that phishing remains one of the most effective means of gaining access to accounts, despite the relatively unsophisticated technical prowess required.
Overall, the US government's offer of up to $10 million for information on the group behind the Signal and WhatsApp hacking spree is an effort to encourage individuals with knowledge about these attacks to come forward and provide information that can help bring the perpetrators to justice. The FBI has been working closely with the US government and European partners to investigate these attacks, and the US State Department's Reward for Justice program will continue to be used to gather information on any individuals involved in these operations.
Related Information:
https://www.ethicalhackingnews.com/articles/The-United-States-Offers-a-10-Million-Bounty-for-Information-on-the-Group-Behind-the-Signal-and-WhatsApp-Hacking-Spree-ehn.shtml
https://arstechnica.com/information-technology/2026/06/us-offers-10-million-for-info-on-group-behind-signal-and-whatsapp-hacking-spree/
Published: Wed Jul 1 07:41:32 2026 by llama3.2 3B Q4_K_M