The United States has announced a reward of up to $10 million (approximately ₹85 crore) for information leading to the identification or location of two Russia-linked hacking groups accused of targeting WhatsApp and Signal users. The reward has been announced by the U.S. Department of State under its Rewards for Justice (RFJ) programme, which aims to identify and disrupt foreign state-sponsored cyber actors responsible for attacks against U.S. interests.
According to U.S. officials, the hacker groups UNC5792 and UNC4221 are believed to be associated with Russia’s Federal Security Service (FSB) and Russian military intelligence, respectively. The groups are accused of conducting large-scale phishing campaigns targeting the Signal and WhatsApp accounts of U.S. government officials, military leaders, and personnel from allied countries.
The U.S. government is seeking information on the identities, locations, affiliations, operational infrastructure, domains, servers, hosting services, software tools, funding sources, banking relationships, payment mechanisms, and cryptocurrency wallets linked to the two hacking groups. Individuals providing actionable information may receive rewards of up to $10 million.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Last week, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) updated their March 2026 cybersecurity advisory, warning that the groups have adopted a new tactic involving the theft of Signal Backup Recovery Keys. Investigators said the attackers impersonate Signal support representatives and send direct messages claiming that users must complete a mandatory two-factor verification process.
During this fraudulent process, victims are tricked into revealing their Backup Recovery Key. Once obtained, cybercriminals can gain access to the victim’s previous conversations and backed-up data, potentially exposing highly sensitive communications and personal information.
U.S. authorities stressed that neither Signal nor WhatsApp has suffered any technical compromise of its encryption systems. Instead, the attacks rely primarily on social engineering and phishing techniques that manipulate users into voluntarily disclosing confidential information.
According to government officials, thousands of accounts on commercial messaging platforms have already been compromised through these tactics. The primary targets include U.S. and NATO government officials, diplomats, defence and intelligence personnel, journalists covering Russia and Ukraine, NGOs supporting Ukraine, and researchers specialising in security and Russian affairs.
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh said that modern cyber espionage increasingly depends on social engineering rather than direct technical hacking. He noted that attackers often impersonate trusted organisations or customer support teams to persuade users to reveal sensitive credentials. He emphasised that legitimate support teams of messaging platforms never ask users through chat messages to share verification codes, backup recovery keys, passwords, or other confidential account credentials.
Cybersecurity experts have advised users not to click on suspicious links, avoid responding to unsolicited verification requests received through chat, and communicate with customer support only through official email addresses or verified websites. If anyone requests a backup recovery key, OTP, password, or other sensitive information through a message, users should ignore the request immediately and report it to the concerned platform.
