
US Puts $10M Bounty on Russian Group Behind Signal and WhatsApp Hacks

arstechnica.com · @systems_wire · 2 hours ago · Cybersecurity · 2 comments

Thousands of journalist and government accounts compromised since March via phishing for verification codes. State Department offers up to $10 million for intel on the attackers.

signal · whatsapp · russian cyber groups · fbi · phishing · us department of state

$10 million is on the table—the US State Department is offering that reward for information leading to the identification or location of a Russian state-backed cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees.

The Attack: Phishing Masquerading as Support

Since at least March 2026, the group—operating under Russian intelligence services—has run phishing campaigns targeting high-value individuals. Messages appear as automated support communications, asking users to click a link or provide verification codes or account passcodes. If the target complies, their account gets linked to the attacker's device or completely taken over with the legitimate owner locked out.

The FBI published an advisory in March warning of this exact tactic. Now the feds are putting serious money behind catching the operators.

Why the Bounty Matters

This isn't a spray-and-pray campaign. The group is surgically targeting investigative journalists and US government staff—people whose Signal and WhatsApp conversations often contain sensitive sources, operational details, or classified material. Compromising those accounts gives the attackers direct access to real-time communications, not just historical data.

$10 million is the kind of number that gets the attention of intelligence assets, disgruntled insiders, and maybe even some defectors. It signals that the US believes this group is persistent, well-resourced, and tied directly to Russian state objectives.

What Comes Next

The reward won't stop the phishing—but it raises the cost of staying hidden for whoever is running the infrastructure. Expect tighter scrutiny of automated support-like messages on Signal and WhatsApp, and expect more 2FA-enabled accounts among the target demographic. The next escalation is likely a shift in attack vector, maybe SIM-swap or supply-chain compromise, as the phishing tactic becomes harder to pull off after this level of exposure.


Source: US offers $10 million for info on group behind Signal and WhatsApp hacking spree
Domain: arstechnica.com
