Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. U.S. Offers $10 Million for Russian Hackers Targeting WhatsApp and Signal Users
U.S. Offers $10 Million for Russian Hackers Targeting WhatsApp and Signal Users
NEWS

U.S. Offers $10 Million for Russian Hackers Targeting WhatsApp and Signal Users

The U.S. Department of State is offering up to $10 million through its Rewards for Justice program for information identifying members of UNC5792 and...

Dylan H.

News Desk

June 29, 2026
3 min read

The U.S. Department of State has announced a reward of up to $10 million for information that helps identify or locate members of two Russian cyber-espionage groups — UNC5792 and UNC4221 — through its Rewards for Justice program.

Both groups are assessed to be linked to Russia's Federal Security Service (FSB), with ties to border guard intelligence and military services. Their campaigns specifically target encrypted messaging platforms — Signal and WhatsApp — to compromise high-value individuals.

Who Is Being Targeted

The groups have focused their operations on:

  • Government officials and diplomats
  • Military and intelligence personnel
  • Journalists and political dissidents
  • Activists and civil society figures

The targeting pattern is consistent with intelligence collection priorities, particularly around individuals whose encrypted communications would be of strategic value to the Kremlin.

Attack Method: Phishing Signal Backup Keys

Rather than attacking the encryption of Signal itself, the groups exploit the human element. The attack chain works as follows:

  1. Attackers impersonate Signal support agents via phishing messages
  2. Victims are tricked into completing a fake two-factor verification prompt
  3. The prompt actually collects the victim's Signal Backup Recovery Key
  4. With the backup key, attackers gain persistent access to message history — even if the victim later changes devices or creates a new account with the same phone number

The technique is particularly dangerous because backup keys remain valid across account migrations. A victim who doesn't know their key was stolen has no indication their messages are being read.

WhatsApp Attack Variants

Similar social engineering approaches have been applied to WhatsApp, where attackers attempt to harvest account credentials or session tokens through fake verification flows.

Significance

This reward announcement marks an escalation in how the U.S. government is publicly naming and attributing Russian cyber operations against communications platforms. By offering a $10 million bounty — the same tier typically reserved for state-sponsored ransomware actors — the State Department is signaling that targeting encrypted messaging at scale constitutes a serious national security threat.

What Users Should Do

  • Do not share backup keys or recovery codes with anyone, including apparent customer support
  • Enable registration lock on Signal (Settings → Account → Registration Lock)
  • Treat any unsolicited verification request as a phishing attempt
  • Report suspicious contact to your organization's security team

References

  • BleepingComputer — U.S. offers $10M for hackers targeting WhatsApp, Signal users
  • The Record — $10M reward for Russian hackers UNC4221 and UNC5792
  • The Hacker News — FBI Warns Russian Intelligence Hackers
  • Rewards for Justice Program
#Russia#FSB#Signal#WhatsApp#Phishing#Threat Intelligence#UNC5792#UNC4221

Related Articles

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

Ukraine's SSU and the FBI have exposed a sustained Russian intelligence campaign using fake support SMS messages to steal Signal, WhatsApp, and Telegram...

5 min read

Ukraine and FBI Expose Russian Intelligence Campaign Stealing Signal Credentials via Fake SMS

The SSU and FBI jointly disclosed a sustained Russian intelligence operation targeting messaging credentials of government officials, military personnel,...

5 min read

FBI: Russian Hackers Now Target Signal Backup Recovery Keys

The FBI and CISA warn that a Russian-linked phishing campaign targeting Signal users has evolved to steal Backup Recovery Keys, giving attackers full...

4 min read
Back to all News