US Offers $10 Million Reward for Russian Hackers Targeting Signal and WhatsApp

Ars Technica

The US government is offering up to $10 million for information about a Russian state-sponsored cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees. Federal authorities say the operation has been active since at least March, when the FBI first warned about phishing campaigns targeting high-value individuals through messages disguised as automated support communications.

Attackers send messages asking users to click links, provide verification codes, or share account passcodes. Once users comply, hackers link their devices to victim accounts or take complete control, locking out legitimate owners. Signal's end-to-end encryption protects previous conversations, but compromised accounts allow access to new messages. The campaign specifically targets individuals with intelligence value, including current and former government officials, military personnel, and journalists.

Last week, the FBI reported that the campaign had evolved to steal backup encryption passcodes. Attackers now urge targets to create backups of all previous communications, then send follow-up messages requesting the long passcode used to encrypt backups stored on Signal servers. This gives hackers access to past Signal conversations. Two Russian government groups, tracked as UNC5792 and UNC4221, are responsible for these attacks.

The deception includes fake security alerts claiming Signal introduced mandatory two-factor verification and urging users to enable backups. These messages direct victims through legitimate-looking setup processes while actually handing over encryption keys. The reward represents one of the largest bounties offered for cybercriminal identification, reflecting the severity of targeting secure communications used by journalists and government officials.