U.S. offers $10 million for hackers targeting WhatsApp, Signal users
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...]
AI Analysis
Technical Summary
The U.S. government has publicly linked two hacker groups, UNC5792 and UNC4221, to Russia's intelligence and military services. These groups conduct phishing campaigns targeting Signal and WhatsApp users, particularly U.S. government and allied personnel. The primary attack vector involves social engineering to steal Signal Backup Recovery Keys by impersonating support agents and requesting verification codes or recovery keys. While the encryption of the messaging platforms remains intact, the attackers gain access to private communications by exploiting user trust. The U.S. Department of State's Rewards for Justice program offers up to $10 million for information leading to the identification or location of these threat actors. FBI and CISA advisories provide updated tactics and emphasize the importance of recognizing fraudulent support communications.
Potential Impact
The impact involves unauthorized access to private communications on Signal and WhatsApp through social engineering attacks that steal backup recovery keys. This compromises the confidentiality of targeted individuals' past messages and data stored in backups. The threat primarily affects high-value targets such as government officials, military leadership, journalists, and researchers. The encryption protocols of the messaging platforms themselves are not compromised, but the attacker’s success in tricking users leads to significant privacy breaches.
Mitigation Recommendations
No official patch or fix is applicable as the threat exploits social engineering rather than a software vulnerability. Users of Signal and WhatsApp should be aware that legitimate support teams communicate only via official company email addresses and never request verification codes or recovery keys through in-app messages or links. Users must refuse to provide such sensitive information in response to unsolicited messages. Organizations should educate their personnel about these phishing tactics and verify any support communications through official channels. The U.S. government and security agencies have issued advisories with detailed guidance on recognizing and avoiding these attacks.
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
Description
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...]
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The U.S. government has publicly linked two hacker groups, UNC5792 and UNC4221, to Russia's intelligence and military services. These groups conduct phishing campaigns targeting Signal and WhatsApp users, particularly U.S. government and allied personnel. The primary attack vector involves social engineering to steal Signal Backup Recovery Keys by impersonating support agents and requesting verification codes or recovery keys. While the encryption of the messaging platforms remains intact, the attackers gain access to private communications by exploiting user trust. The U.S. Department of State's Rewards for Justice program offers up to $10 million for information leading to the identification or location of these threat actors. FBI and CISA advisories provide updated tactics and emphasize the importance of recognizing fraudulent support communications.
Potential Impact
The impact involves unauthorized access to private communications on Signal and WhatsApp through social engineering attacks that steal backup recovery keys. This compromises the confidentiality of targeted individuals' past messages and data stored in backups. The threat primarily affects high-value targets such as government officials, military leadership, journalists, and researchers. The encryption protocols of the messaging platforms themselves are not compromised, but the attacker’s success in tricking users leads to significant privacy breaches.
Mitigation Recommendations
No official patch or fix is applicable as the threat exploits social engineering rather than a software vulnerability. Users of Signal and WhatsApp should be aware that legitimate support teams communicate only via official company email addresses and never request verification codes or recovery keys through in-app messages or links. Users must refuse to provide such sensitive information in response to unsolicited messages. Organizations should educate their personnel about these phishing tactics and verify any support communications through official channels. The U.S. government and security agencies have issued advisories with detailed guidance on recognizing and avoiding these attacks.
Technical Details
- Article Source
- {"url":"https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-hackers-targeting-whatsapp-signal-users/","fetched":true,"fetchedAt":"2026-06-29T15:36:25.997Z","wordCount":715}
Threat ID: 6a4290fa27e9c7971914aa69
Added to database: 06/29/2026, 15:36:26 UTC
Last enriched: 06/29/2026, 15:36:35 UTC
Last updated: 06/30/2026, 01:25:56 UTC
Views: 28
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.