The US offers 10 million dollars for information about the Russian hacker groups that have accessed sensitive WhatsApp and Signal accounts
Through the Rewards for Justice (RFJ) program, the United States government has announced a reward of up to 10 million dollars for any person who provides information that allows identifying or locating members of the Russian cybercriminal groups UNC5792 and UNC4221. According to US authorities, both organizations operate under the direct control or direction of the Russian government to carry out attacks against critical infrastructure in the country.
Specifically, investigations indicate that the UNC5792 group is directly linked to the Coast Guard Service of the Russian Federal Security Bureau (FSB), while UNC4221 works under the orders of the Russian military services.
Attackers have managed to hack thousands of Signal and WhatsApp accounts by abusing the device pairing function
The UNC5792 group focuses on mass phishing campaigns based on social engineering to compromise the Signal and WhatsApp accounts of senior government officials, US military personnel and members of allied countries. To achieve this, attackers modify legitimate group invitation pages, redirecting victims to malicious URLs that link a device controlled by the hackers to the user’s Signal account.
These actions do not exploit any vulnerability in the encryption of the applications, but rather take advantage of the app’s own functions to access conversations, sensitive content and contact lists, also using stolen accounts to spread the malware to other targets.
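For defenders triaging a reported "group invitation" page, the check below is an added example (not taken from the article or from any vendor tooling) that flags page source carrying a Signal device-linking URI, including one percent-encoded inside another URL. It assumes the device-linking form `sgnl://linkdevice?uuid=...&pub_key=...`; the function names and all sample pages are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Signal device-linking URIs look like sgnl://linkdevice?uuid=...&pub_key=...
DEVICE_LINK_RE = re.compile(r"sgnl://linkdevice\?[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample pages (placeholder values, not real invites or keys).
BENIGN = '<a href="https://signal.group/#CONSTRUCTED_INVITE">Join group</a>'
LURE_PLAIN = ('<a href="sgnl://linkdevice?uuid=CONSTRUCTED-UUID'
              '&amp;pub_key=CONSTRUCTED_KEY">Join group</a>')
LURE_ENCODED = ('<script>location="https://redirect.invalid/go?to='
                'sgnl%253A%252F%252Flinkdevice%253Fuuid%253DCONSTRUCTED-UUID'
                '%2526pub_key%253DCONSTRUCTED_KEY"</script>')


def find_device_links(page_source, max_decode=3):
    """Return (decode_depth, uri) for every device-linking URI in the page."""
    findings, seen = [], set()
    text = html.unescape(page_source)  # &amp; in attributes becomes &
    for depth in range(max_decode + 1):
        for match in DEVICE_LINK_RE.finditer(text):
            uri = match.group(0)
            params = parse_qs(urlsplit(uri).query)
            # A linking URI carries both a provisioning id and a public key.
            if {"uuid", "pub_key"} <= params.keys() and uri not in seen:
                seen.add(uri)
                findings.append((depth, uri))
        decoded = unquote(text)  # peel one layer of percent-encoding
        if decoded == text:
            break
        text = decoded
    return findings


def classify(page_source):
    """Label a page: no link, a visible link, or one hidden by encoding."""
    hits = find_device_links(page_source)
    if not hits:
        return "no-device-link"
    return "device-link-hidden" if min(d for d, _ in hits) > 0 else "device-link"


if __name__ == "__main__":
    for name, page in [("benign", BENIGN), ("plain", LURE_PLAIN),
                       ("encoded", LURE_ENCODED)]:
        print(name, classify(page), find_device_links(page))
```

A page that presents itself as a group invitation but classifies as anything other than `no-device-link` warrants reviewing the linked-devices list of every account that opened it.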
Among the victims of this scheme are diplomats, NATO political analysts, investigative journalists dedicated to the conflict in Ukraine and non-governmental organizations. The US government seeks critical data about these groups, including names, locations, server infrastructure, software tools, and the cryptocurrency wallets or blockchain transactions used to finance their operations.
The US has prohibited government workers from using these types of apps, especially those with ties to rival countries such as TikTok (China) or Telegram (Russia), so the hackers’ efforts have focused directly on other types of messaging applications.
