The United States has announced a reward of up to $10 million for information leading to the identification or location of Russian-linked hackers. Authorities accused the cyber groups of compromising thousands of Signal and WhatsApp accounts through sophisticated phishing campaigns.
Officials said the attackers primarily targeted investigative journalists, government employees, military personnel, political figures, and other individuals with intelligence value. However, investigators confirmed that the campaign exploited users rather than breaking the encryption of the messaging systems.
FBI Warns of Expanding Phishing Campaign
The FBI said the operation has remained active since at least March. Attackers impersonate automated support services and send convincing messages requesting verification codes or account passcodes.
Victims also receive malicious links that appear legitimate. By following them, users unknowingly connect attacker-controlled devices to their messaging accounts.
In some cases, hackers take complete control of compromised accounts and lock out legitimate owners. Meanwhile, linked devices allow attackers to read newly received messages.
The FBI recently warned that the campaign has evolved. Attackers now persuade users to create Signal backups before requesting encrypted recovery keys.
As a result, hackers can access older conversations stored on Signal servers. Investigators identified the groups behind the operation as UNC5792 and UNC4221, linking both to Russian intelligence services.
State Department Announces Multi-Million Dollar Reward
On Monday, the US State Department announced the reward through its Rewards for Justice programme. Officials also revealed that attackers abused Signal’s group invitation feature to spread malicious links.
Some altered invitation pages redirected victims to attacker-controlled websites. Consequently, hackers linked unauthorized devices to targeted Signal accounts.
Authorities stressed that the attackers never exploited weaknesses in Signal or WhatsApp encryption. Instead, they relied entirely on phishing and social engineering techniques.
The FBI urged users to avoid sharing verification codes or backup recovery keys with anyone. Furthermore, officials advised users to ignore urgent requests and verify suspicious messages through official communication channels before responding.
