US offers $10 million for tips on hackers behind Signal and WhatsApp breaches

The State Department is offering up to $10 million for information on UNC5792 and UNC4221, two Russia-linked hacking groups accused of breaking into Signal and WhatsApp accounts belonging to U.S. officials, military leadership, and allied personnel. The reward comes through the Rewards for Justice program; one group is tied to the FSB's Border Guards service, the other to Russian military intelligence.

The attackers didn't break either app's encryption. Instead, they phished victims with fake "verification" messages and, in some cases, altered Signal's group-invite page to silently link an attacker's device to the victim's account — giving them access to message histories and contact lists, and in some cases full account takeover. The FBI first warned about the campaign in March and updated its advisory last week, noting that stolen backup recovery keys can stay valid even after a victim resets their account.

Ukraine's SBU said it worked with the FBI on a related, longer-running espionage campaign targeting officials and activists across Ukraine, Europe, and the U.S. — suggesting the operation is broader than this single bounty announcement reveals.