The US Department of State has announced a $10 million bounty for information leading to the identification or location of members of two Russian hacker groups, UNC5792 and UNC4221, linked to Russia's intelligence and military services. The hackers have been targeting Signal and WhatsApp accounts of high-value targets, including government officials, military personnel, and journalists.
The bounty is part of the 'Rewards for Justice' (RFJ) program, which targets foreign state actors carrying out cyberattacks against US critical infrastructure. The RFJ announcement confirms that thousands of individual accounts for commercial messaging applications were compromised in this way.
Background and Context
The Russian hacker groups have been using phishing campaigns to trick users into revealing their verification codes, allowing them to take over the account and read incoming communications and group chats. The hackers are posing as fake Signal support chatbots or exploiting the "linked devices" feature of the apps, which lets them connect another device to the victim's account and quietly monitor messages.
According to a joint public advisory from the Netherlands' military intelligence service and domestic intelligence agency, the Russian operation aims to trick victims into revealing PIN codes for secure messaging apps Signal and WhatsApp. The bulletin did not indicate when the deception campaign began.
Why it Matters to the Industry
The targeting of high-value targets in the US and NATO governments, as well as individuals of interest to the Russian government, raises concerns about the security of commercial messaging applications. Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.
The fact that individual accounts have been compromised, not the messaging apps themselves, highlights the importance of user behavior in preventing account takeovers. Users should never share their six-digit code with others, and should regularly check linked devices and log out sessions they do not recognize.
What Comes Next
The US Department of State's announcement of a $10 million bounty for information leading to the identification or location of members of UNC5792 and UNC4221 hacker groups is a significant development in the ongoing efforts to combat cyberattacks against US critical infrastructure. The RFJ program has been successful in attracting responses from individuals with information about foreign state actors carrying out cyberattacks.
The targeting of Signal and WhatsApp accounts by Russian hackers highlights the importance of robust security measures for commercial messaging applications. Users should be aware of the risks associated with using these apps, and take steps to protect themselves against phishing campaigns and account takeovers.
Key Facts
- The US Department of State has announced a $10 million bounty for information leading to the identification or location of members of UNC5792 and UNC4221 hacker groups.
- The hackers have been targeting Signal and WhatsApp accounts of high-value targets, including government officials, military personnel, and journalists.
- Thousands of individual accounts for commercial messaging applications were compromised in this way.
- The Russian operation aims to trick victims into revealing PIN codes for secure messaging apps Signal and WhatsApp.
- Users should never share their six-digit code with others, and should regularly check linked devices and log out sessions they do not recognize.
Conclusion
The targeting of Signal and WhatsApp accounts by Russian hackers highlights the importance of robust security measures for commercial messaging applications. The US Department of State's announcement of a $10 million bounty for information leading to the identification or location of members of UNC5792 and UNC4221 hacker groups is a significant development in the ongoing efforts to combat cyberattacks against US critical infrastructure.