US offers $10 million for information on Russian state hackers targeting Signal and WhatsApp
Tags AI · Infrastructure
The US Department of State is offering a reward of up to $10 million for information leading to the identification of members of Russian state cyber groups UNC5792 and UNC4221, which have compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees. The operation has been active since at least March 2026, when the FBI published an advisory warning of phishing campaigns targeting high-value targets with messages masquerading as automated support communications. The attackers trick users into clicking links or providing verification codes, enabling account takeover. The groups are linked to Russia's intelligence and military services.
Technical significance
This campaign demonstrates that even end-to-end encrypted messaging platforms remain vulnerable to social engineering at the account provisioning layer. Security teams should audit their organization's reliance on SMS or link-based verification flows and consider hardware token-based authentication for high-value communications. The $10 million reward signals the severity with which the US government views threats to encrypted communications infrastructure.