US Offers $10M Bounty for Russian Hackers in Messaging App Cyberattacks
US government agencies have announced a reward of up to $10 million for information leading to the identification of individuals linked to two cyber threat groups tied to Russian intelligence. These groups, designated as UNC5792 and UNC4221 in public records, have been targeting current and former US government officials, military personnel, allied entities, journalists, political figures, and Ukrainian officials.
Threat Groups and Cyber Tactics
Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) reveal that the actors are conducting phishing campaigns focused on commercial messaging applications (CMAs). By impersonating automated support accounts within platforms like Signal, the attackers trick victims into clicking malicious links or sharing verification codes to gain unauthorized access to their accounts.
Backup Recovery Key Exploitation
A revised advisory from CISA and the FBI highlights that the threat actors have expanded their tactics to request Backup Recovery Keys, which grant access to historical conversations, including private and group messages. If a victim inadvertently shares this key, it remains valid even after they create a new account using the same phone number, allowing the attackers to potentially compromise the new account later. To mitigate this, users must generate a new Backup Recovery Key to invalidate the old one. However, this action does not remove existing access to the compromised account.
Link to Russian Intelligence Services
UNC5792 and UNC4221 are associated with Russian intelligence services (RIS), according to the Rewards for Justice portal. UNC5792 is linked to the Russian Federal Security Service (FSB) Border Guards, while UNC4221 is connected to the Russian military. The US government emphasizes that these actors employ social engineering to exploit legitimate device-linking features in secure messaging apps, enabling unauthorized access to sensitive communications, contact lists, and group discussions.
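The following Python model is an added illustration of the two account-access mechanisms described in the sections above (the Backup Recovery Key and device linking); it is not part of the original article and is not Signal's implementation. The service, the phone number and the device identifier are constructed for the walkthrough. It shows the advisory's two points concretely: a leaked recovery key still restores history after the victim re-registers the same phone number, and rotating the key rejects the old value but leaves an already-linked device with access until that device is explicitly unlinked.

```python
"""Conceptual model of a messaging account's backup recovery key and linked
devices. Constructed for illustration; it is not Signal's real implementation.
"""
import secrets


class MessagingService:
    """Toy service: backups are keyed by phone number, so a recovery key
    outlives the account instance it was created for."""

    def __init__(self):
        self.accounts = {}  # phone -> set of linked device ids
        self.backups = {}   # phone -> recovery key protecting backed-up history

    def register(self, phone):
        """Create (or re-create) the account for a phone number.
        The backup entry, and therefore its recovery key, is kept."""
        self.accounts[phone] = set()
        self.backups.setdefault(phone, secrets.token_hex(16))
        return self.backups[phone]

    def rotate_recovery_key(self, phone):
        """Generate a new recovery key; the previous value is no longer accepted."""
        self.backups[phone] = secrets.token_hex(16)
        return self.backups[phone]

    def restore_history(self, phone, presented_key):
        """Restore backed-up conversations only with the current key."""
        return secrets.compare_digest(presented_key, self.backups[phone])

    def link_device(self, phone, device_id):
        """Model of the legitimate device-linking feature (approved by the user)."""
        self.accounts[phone].add(device_id)

    def unlink_devices(self, phone):
        """Explicit remediation step: revoke every linked device."""
        self.accounts[phone].clear()

    def device_has_access(self, phone, device_id):
        return device_id in self.accounts[phone]


def walkthrough():
    """Replay the advisory's scenario and return the observed access states."""
    svc = MessagingService()
    phone = "+15550100"                # constructed sample number
    leaked_key = svc.register(phone)   # modeled as the key the victim shared

    # Victim creates a new account with the same number; the backup entry survives.
    svc.register(phone)
    valid_after_reregistration = svc.restore_history(phone, leaked_key)

    # A device was linked to the new account through the linking feature.
    svc.link_device(phone, "unrecognized-laptop")  # constructed device id

    # Victim rotates the recovery key: old key rejected, device still linked.
    svc.rotate_recovery_key(phone)
    valid_after_rotation = svc.restore_history(phone, leaked_key)
    device_after_rotation = svc.device_has_access(phone, "unrecognized-laptop")

    # Only unlinking devices removes the device's access.
    svc.unlink_devices(phone)
    device_after_unlink = svc.device_has_access(phone, "unrecognized-laptop")

    return {
        "leaked_key_valid_after_reregistration": valid_after_reregistration,
        "leaked_key_valid_after_rotation": valid_after_rotation,
        "linked_device_access_after_rotation": device_after_rotation,
        "linked_device_access_after_unlink": device_after_unlink,
    }


if __name__ == "__main__":
    for name, state in walkthrough().items():
        print(f"{name}: {state}")
```

The two remediation steps are independent in this model: key rotation protects backed-up history, and the linked-device review protects live access. A defender handling a reported incident should check that both have been done, since the advisory notes that rotating the key alone leaves existing access in place.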
Reward Program Details
The reward program seeks details on the identities, locations, and biographies of UNC5792 actors, as well as their ties to RIS, supporting entities, infrastructure, tools, funding sources, and financial networks, including banking accounts, cryptocurrency wallets, and transaction records. Compromised accounts have been used to launch further phishing attacks against other high-value targets, with instances of attackers modifying group invite pages to link malicious devices to victims’ Signal accounts.
User Security Advisory
The advisory also underscores the evolving nature of these attacks, which leverage trusted features of messaging platforms to bypass security measures and exfiltrate critical data. Users are advised to remain vigilant against unsolicited requests for sensitive information and to regularly update security settings on their communication tools.
