The United States has announced a reward of up to $10 million for information that helps identify or locate members of two Russian-linked cyber groups accused of targeting Signal and WhatsApp users. The reward is being offered through the U.S. State Department’s Rewards for Justice program. According to U.S. authorities, the campaign mainly targeted government officials, journalists, military personnel, and other high-profile individuals. The announcement follows fresh warnings from the FBI and other security agencies about the ongoing cyber-espionage activity.
The two hacking groups have been identified as UNC5792 and UNC4221. U.S. officials believe they are linked to Russian intelligence services, including officers associated with the Federal Security Service (FSB) and Russian military intelligence. Investigators say the attackers were not breaking the encryption used by Signal or WhatsApp. Instead, they relied on social engineering methods to trick people into giving away information that allowed access to their personal messaging accounts.
One of the biggest concerns highlighted by the FBI is the growing use of Signal Backup Recovery Keys. These recovery keys allow users to restore encrypted message backups, but if they fall into the wrong hands, attackers can access message histories and private conversations. Security officials warned that a stolen recovery key may continue to work even if the victim creates a new Signal account using the same phone number, making the threat much more serious.
Investigators said the hackers used several phishing techniques to fool victims. They impersonated trusted contacts or official support services and convinced users to share verification codes, account PINs, or backup recovery keys. In some attacks, victims were directed to fake Signal invitation pages that secretly linked attacker-controlled devices to their accounts. Once connected, the hackers could view messages, monitor group chats, and sometimes even take control of the victim’s account.
The FBI stressed that these attacks did not exploit any security flaws in Signal or WhatsApp themselves. Instead, the attackers abused legitimate account features by manipulating users into handing over sensitive credentials. This means the security of the apps’ end-to-end encryption remains intact. The campaign focuses on compromising individual accounts rather than breaking the encrypted communication systems used by the messaging platforms.
The latest warning comes shortly after Ukraine’s Security Service (SBU) announced that it had worked with the FBI to uncover a long-running Russian cyber-espionage campaign. According to Ukrainian officials, the operation targeted government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States. The attackers were reportedly trying to collect sensitive military, political, and economic information shared through secure messaging applications.
Officials also said the campaign involved fake text messages pretending to be from messaging platform support teams. These messages urged victims to verify their accounts or solve fake security issues, leading them to reveal login credentials and verification details. Authorities believe these tactics allowed the hackers to quietly gain access to valuable communications and personal information without exploiting technical vulnerabilities in the messaging services themselves.
The U.S. government is encouraging anyone with reliable information about the individuals involved or their foreign government-backed cyber activities to come forward through the Rewards for Justice program. The FBI has also advised Signal users to generate a new Backup Recovery Key if they suspect it has been exposed and to stay alert for phishing attempts. Security agencies continue to urge users to protect verification codes, PINs, and recovery keys, as these attacks rely on human deception rather than weaknesses in the messaging apps.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
