The U.S. Department of State has announced a $10 million reward for intelligence leading to the identification or location of members of UNC5792 and UNC4221. Both groups operate under the direction of Russia's intelligence and military apparatus.

UNC5792 and UNC4221 target encrypted messaging platforms, specifically WhatsApp and Signal users. The groups exploit zero-day vulnerabilities and conduct espionage operations against government officials, journalists, and civil society organizations across multiple countries. Their activities represent a direct threat to secure communications infrastructure relied upon by vulnerable populations and dissidents in authoritarian regimes.

The reward falls under the Rewards for Justice program, which historically incentivizes defections and intelligence sharing from state-sponsored actors. The State Department rarely offers such substantial bounties unless the threat warrants immediate diplomatic attention. This action reflects escalating concerns over Russian cyber espionage targeting U.S. allies and non-governmental organizations.

UNC5792, tracked by Mandiant, conducted operation "Graphite" against Ukrainian officials and military personnel during Russia's invasion. UNC4221 overlaps operationally with activity attributed to FSB contractors. Both groups maintain sophisticated exploitation capabilities targeting mobile platforms where traditional network defenses prove ineffective.

The reward targets operational members, not senior leadership. Intelligence communities assess that field operators and technical staff represent the most vulnerable link in foreign intelligence operations. Recruitment of mid-level personnel through financial incentives historically yields actionable intelligence on infrastructure, tooling, and operational targets.

Organizations using WhatsApp and Signal should assume their communications face sophisticated state-level threats. Precautions include disabling cloud backups, enabling disappearing messages, and verifying contact identities through secondary channels. Government agencies and NGOs operating in contested regions face elevated risk and should review endpoint hardening procedures.

The bounty announcement serves dual purposes. It publicly demonstrates U.S. commitment