US Offers $10M Reward for Info on Russian Hackers Targeting Signal and WhatsApp

by Anika Shah - Technology
0 comments

Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group, also tracked as UNC5792. This group has targeted high-profile users on encrypted messaging platforms like WhatsApp and Signal to compromise sensitive communications.

How the Phishing Campaign Targets Users

The ongoing operation relies on social engineering tactics to gain unauthorized access to accounts. According to the Federal Bureau of Investigation (FBI), attackers frequently pose as technical support staff or automated service bots. These messages often claim that a user’s account has been compromised or that a third-party device has attempted to connect to their profile.

How the Phishing Campaign Targets Users

By masquerading as legitimate support, the attackers persuade users to click malicious links or provide verification codes. If a user complies, they may inadvertently link the attacker’s device to their account or provide the credentials necessary for a total account takeover. Once an attacker gains access, they can intercept incoming messages in real-time.

Evolving Tactics and Data Theft

The campaign has become increasingly complex since it was first flagged by the FBI in March. While early efforts focused on simple phishing, recent updates show that attackers are now targeting the backup features of encrypted messaging apps.

FBI offers highest-ever reward for Russian hacker in 2015 – Daily Mail

Attackers are instructing targets to create a backup of their conversation history and then share the long encryption passcode required to secure that data. By obtaining this key, the threat actors can decrypt and access historical messages that were previously protected by end-to-end encryption.

Despite these risks, Signal’s architecture includes security features that prevent attackers from accessing past conversations unless the user explicitly provides the backup encryption key. The campaign specifically targets individuals of high intelligence value, including:

  • Current and former U.S. government officials
  • Military personnel
  • Political figures
  • Investigative journalists

How to Protect Your Account

Security experts and federal authorities emphasize that users should never share verification codes or backup passcodes with anyone, regardless of how official a message may appear.

To maintain account integrity, users should:

  • Enable Two-Factor Authentication (2FA): Ensure 2FA is active on all messaging accounts to provide an extra layer of defense.
  • Verify Support Requests: Legitimate services will not ask for your account password, PIN, or backup encryption keys via chat.
  • Review Linked Devices: Periodically check the “Linked Devices” section in your app settings to ensure no unauthorized devices are connected to your account.

The U.S. government’s reward offer is part of an effort to disrupt state-sponsored malicious cyber activity. The FBI continues to monitor the activities of the groups identified as UNC5792 and UNC4221, urging organizations and individuals to report suspicious activity immediately.

Related Posts

Leave a Comment