QuiverSphere QUIVERSPHERE SUBSCRIBE
QuiverSphere
← Blog

US offers $10 million reward for leads on Signal and WhatsApp cyber attackers

The US is offering a $10 million reward for information on Russian hackers targeting Signal and WhatsApp accounts, undermining user security.

05 July 2026 · 5 min read

US offers $10 million reward for leads on Signal and WhatsApp cyber attackers

The anthropic-raises-alarm-over-ai-model-theft-from-chinese-companies/">U.S. government is stepping up its efforts to combat the growing threat of cyberattacks by offering a reward of up to $10 million for information leading to the identification or location of individuals involved in a significant hacking campaign targeting messaging platforms, namely Signal and WhatsApp. These operations, attributed to Russian state groups, have reportedly compromised thousands of accounts—including those belonging to journalists and government officials.

Uncovering the hacking spree

The hacking spree has been ongoing since at least March, when the FBI first issued an advisory warning about targeted phishing campaigns directed at high-profile individuals. The attackers are said to be associated with Russian intelligence services. Initial reports indicated that these vulnerability-response-time-amid-growing-ai-threats/">cybercriminals would send messages that appeared to be automated support communications, tricking users into clicking malicious links or providing critical verification codes.

By complying with such requests, unsuspecting users inadvertently give attackers unauthorized access to their accounts, effectively compromising their security. Despite Signal's robust security measures that prevent attackers from viewing previous conversations, they still gain the ability to read incoming messages.

The FBI recently updated its advisory, revealing that the campaign had evolved. Not only are attackers posing as support bots to lure victims, but they are also sending follow-up messages urging targets to back up their communications. These messages contain instructions that, when followed, result in users inadvertently revealing the encryption passcode for backups stored on Signal's servers—allowing attackers to access previous conversations.

The attackers behind the operation

As per the U.S. State Department’s announcement, the two key Russia-based groups involved in the hacking spree have been identified as UNC5792 and UNC4221. These cyber groups are reportedly linked to the Russian Federal Security Service (FSB) and military services. Their operations have been characterized by extensive phishing tactics targeting accounts belonging to U.S. government officials, military leaders, and even journalists.

The State Department explained that UNC5792 has been the mastermind behind various phishing campaigns, some of which involved modifying legitimate “group invite” pages from Signal. By transforming these into malicious URLs, they redirected victims to websites controlled by the attackers, allowing them to hijack the victims' Signal accounts. Importantly, the cybersecurity breach did not exploit vulnerabilities in Signal's encryption but rather manipulated user actions, showcasing the importance of cyber vigilance.

The implications of such breaches are serious. Thousands of user accounts across these messaging platforms have already been compromised, highlighting how easily even savvy individuals can be caught off guard. This situation raises questions about the effectiveness of current security measures against increasingly sophisticated phishing attacks, alongside the psychological factors that blind users to early warning signs.

The response from Signal and government bodies

In light of these developments, Signal has initiated updates to its Terms of Service and Privacy Policy, as well as introduced mandatory two-factor verification for users. These changes aim to bolster user security and prevent unauthorized access to accounts, especially in the wake of the recent attacks.

Moreover, the FBI has provided additional guidelines to help users protect their accounts. For instance, a crucial recommendation is that users generate new backup recovery keys immediately upon suspecting any security breach.

Furthermore, U.S. officials are urging individuals to resist the impulse to act quickly when responding to urgent-seeming messages. In many cases, attackers exploit a sense of urgency, compelling victims to bypass their usual caution. A brief delay can often afford users the clarity needed to discern legitimate communications from potentially harmful scams.

Building awareness against phishing tactics

Phishing attacks remain one of the most prevalent and successful tactics for cybercriminals. Despite the simplicity of their methods, they can yield significant rewards for attackers, especially when they are directed at high-value targets such as government employees and investigative reporters.

To combat this ongoing threat, government bodies, cybersecurity firms, and messaging platform developers must prioritize educational initiatives aimed at informing users about the dangers of phishing tactics. Engaging people on how to recognize suspicious messages and encouraging them to implement best practices can significantly reduce the risk of account compromises.

Professional training and awareness campaigns can help increase vigilance among high-value targets. By emphasizing the need to scrutinize messages and validate requests, users can significantly lower the chances of falling prey to such schemes.

What lies ahead in securing messaging platforms

The current hacking spree exposes the vulnerabilities inherent in even the most secure messaging platforms. Even with end-to-end encryption, users remain the weakest link in overall cybersecurity. As the demand for secure communication grows, it is imperative that both users and developers remain alert and proactive in their efforts to combat cyberattacks.

Looking forward, the reward offered by the U.S. government is not just a financial incentive; it represents a call to action in the collective effort to secure digital communication channels against pervasive threats. By identifying and tracking those responsible for these attacks, authorities hope to not only bring perpetrators to justice but also to set a precedent for the future of cybersecurity in an increasingly digital world.

Frequently asked questions

What types of accounts have been targeted by hackers?

Hackers have targeted Signal and WhatsApp accounts belonging to high-value individuals, including U.S. government officials, military personnel, and journalists.

How can users protect their accounts from such phishing attacks?

To protect against phishing attacks, users should implement two-factor verification, verify request authenticity, and avoid clicking links from unknown sources.

What is the reward for information leading to the arrest of the attackers?

The U.S. government is offering a reward of up to $10 million for information that helps identify or locate those involved in the hacking campaign.