
US offers $10 million for info on group behind Signal, WhatsApp hacks

Created at 29 Jun · 10:10 PM · 1 source
IN SHORT

US authorities are offering up to $10 million for information identifying or locating a Russian state cyber group targeting thousands of Signal and WhatsApp accounts. The group, tracked as UNC5792 and UNC4221, has compromised accounts belonging to investigative reporters and US government employees since at least March.


Key Numbers

$10 million: reward for information on cyber group

Who's Involved

FBI: published advisory and update on hacking campaign
UNC5792: Russian government group responsible for attacks
UNC4221: Russian government group responsible for attacks

↳ Why This Matters

The US government's substantial reward highlights the severity of the cyber threat posed by Russian state-sponsored groups targeting sensitive individuals, potentially impacting national security and journalistic integrity.

Key facts

  • US authorities are offering up to $10 million for information on a Russian state cyber group.
  • The group has compromised thousands of Signal and WhatsApp accounts.
  • Targets include investigative reporters and US government employees.
  • The hacking campaign has been active since at least March.
  • The FBI identified two responsible Russian government groups as UNC5792 and UNC4221.
  • Attackers use phishing tactics, including impersonating support bots and requesting encryption passcodes.

US federal authorities are offering a reward of up to $10 million for information that leads to the identification or location of a Russian state cyber group responsible for hacking thousands of Signal and WhatsApp accounts. The targets of these attacks include investigative reporters and US government employees.

The campaign has been active since at least March, when the FBI issued an advisory warning about phishing efforts by attackers associated with Russian intelligence services. These attackers impersonate automated support communications, prompting targets to click links or provide verification codes and account passcodes. Compliance with these requests can lead to the attacker's device being linked to the user's account or a complete account takeover, locking the user out.

Once an account is compromised, attackers can read new messages. Signal's safety features prevent access to previous conversations unless users are tricked into providing encryption passcodes for backups. The FBI's recent update indicated that the campaign has evolved, with messages now urging users to create backups and then share the long passcode used to encrypt these backups stored on Signal servers. This allows attackers access to past conversations.

The FBI identified two Russian government groups, UNC5792 and UNC4221, as being responsible for these attacks. The agency also noted that hackers from Iran and post-Soviet countries are involved. One example message provided by the FBI mimics a Signal security update, informing users of increased hacking attempts and the introduction of mandatory two-factor verification, while guiding them through a backup process that ultimately compromises their account.

Frequently asked questions

US authorities are offering up to $10 million for information leading to the identification or location of the Russian state cyber group.

The targets include investigative reporters and US government employees, such as current and former US government officials, military personnel, and political figures.

Attackers use phishing tactics, impersonating support bots to trick users into clicking links, providing verification codes, account passcodes, or encryption passcodes for backups.

The FBI has tracked the responsible groups as UNC5792 and UNC4221.

What Happens Next

01 Authorities await information leading to the identification or location of the responsible cyber group.


How It Developed

Federal authorities are offering a reward of up to $10 million for information on a Russian state cyber group.
The group has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees.
The operation has been active since at least March, with attackers masquerading as support communications.
Attackers trick users into linking the attacker's device to their account, or take over the account completely.
The FBI published an update detailing evolved phishing campaigns, including requests for backup encryption passcodes.
Two Russian government groups, UNC5792 and UNC4221, are responsible for the attacks.
The FBI stated that hackers from Iran and post-Soviet countries are responsible for the attacks.

Sources

US offers $10 million for info on group behind Signal and WhatsApp hacking spree (Ars Technica)
