Bounty for State Linked Cyber Actors
The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of members of two Russian linked hacker groups: UNC5792 and UNC4221. The initiative falls under the ‘Rewards for Justice’ program, which targets foreign state actors conducting cyberattacks against U.S. critical infrastructure. UNC5792 is associated with the Russian Federal Security Service (FSB) Border Guards, while UNC4221 operates on behalf of Russian military services.
Targeting Signal and WhatsApp Users
UNC5792 has conducted widespread phishing campaigns specifically targeting Signal and WhatsApp accounts of U.S. government officials, military leadership, and allied personnel. The FBI and CISA have updated advisories noting that these hackers impersonate Signal support agents, tricking users into revealing their data backup keys under the guise of mandatory two factor verification. This method grants access to victims’ previous communications, though the encryption itself remains uncompromised.
Scope and Impact
The U.S. government confirms that thousands of individual accounts for commercial messaging applications have been compromised through this activity. Primary targets include U.S. and NATO government, diplomatic, defense, and intelligence officials, along with policy analysts, journalists covering Russia and Ukraine, NGOs supporting Ukraine, and security researchers. The reward seeks information on operational infrastructure, financial networks, cryptocurrency wallets, and personnel affiliations.
Source: BleepingComputer
