US offers $10M reward for info on Signal/WhatsApp hacking group
Original: US offers $10 million for info on group behind Signal and WhatsApp hacking spree
Why This Matters
State-sponsored attacks on encrypted messaging platforms pose direct threats to press freedom and government security.
US federal authorities announced a $10 million reward for information identifying a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to journalists and US government employees, active since at least March 2026.
US federal authorities are offering up to $10 million for information leading to the identification or location of a Russian state-linked cyber group responsible for compromising thousands of Signal and WhatsApp accounts. Targets include current and former US government officials, military personnel, political figures, and journalists. The FBI first issued an advisory in March 2026 warning of phishing campaigns tied to Russian intelligence. Attackers send messages impersonating automated support bots, tricking users into linking attacker devices to their accounts or surrendering account passcodes. A recent FBI update identified two Russian government-linked groups behind the campaign: UNC5792 and UNC4221. The operation has evolved to also trick users into generating Signal backup recovery keys, which are then sent to attackers — granting access to past encrypted conversations. Signal's built-in safety features prevent attackers from reading prior messages unless the backup key is compromised. Sample phishing messages falsely claim Signal has updated its Terms of Service and urge users to create backups via a step-by-step process, ultimately harvesting the encryption recovery key.