US federal authorities have announced a reward of up to $10 million for information that helps identify or locate members of a Russian state-linked cyber group. The group is accused of targeting thousands of WhatsApp and Signal accounts through a sophisticated phishing campaign. Officials say the operation has affected people considered valuable intelligence targets.
According to US authorities, the attackers have targeted investigative journalists, government employees, military personnel, political figures, and other individuals with access to sensitive information. The campaign has reportedly remained active since at least March, when the FBI first warned about phishing operations linked to Russian intelligence services.
The attackers reportedly send messages that appear to come from official support services. These messages ask users to click links or provide verification codes, passcodes, or account credentials. Victims who follow the instructions may unknowingly give attackers access to their accounts.
In some cases, the attackers connect an unauthorized device to the victim’s messaging account. In other cases, they take full control of the account and lock out the original owner. While Signal limits access to older conversations through this method, new messages can still be viewed once the account is compromised.
The FBI recently warned that the campaign has become more advanced. Attackers are now asking users to create Signal backups before requesting the backup recovery key. If the key is shared, attackers can access previously stored conversations saved on Signal’s servers.
US officials identified two cyber groups behind the campaign. They are known as UNC5792 and UNC4221. According to the State Department, both groups are linked to Russian government security and military organizations.
The reward has been announced through the US State Department’s Rewards for Justice program. Authorities are seeking information that could help identify or locate individuals involved in the attacks.
Officials also said the attackers abused features available on Signal by modifying legitimate group invitation pages. Victims who clicked the altered links unknowingly connected attacker-controlled devices to their accounts. Authorities stressed that the campaign did not exploit weaknesses in the encryption used by Signal or WhatsApp. Instead, it relied on phishing and social engineering techniques.
The FBI advised users to remain cautious when receiving unexpected messages asking for verification codes or backup recovery keys. Legitimate support teams for WhatsApp and other messaging platforms do not request this information through chat messages.
In other related news also read Pavel Durov Calls WhatsApp Encryption “A Giant Frud”
Users should always verify requests through official communication channels before responding. They should also avoid acting immediately on messages that create a sense of urgency. Security experts say taking a few extra minutes to confirm a request can help prevent phishing attacks and protect personal accounts from unauthorized access.
