Security News US offers $10 million for info on group behind Signal and WhatsApp hacking spree

Brownie2019

Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees.

The operation has been active since at least March, when the FBI published an advisory warning of ongoing phishing campaigns targeting high-value targets by attackers associated with Russian intelligence services. Messages masquerading as automated support communications ask that users click a link or provide verification codes or account passcodes. In the event the user complies, they unknowingly link the attacker’s device to their account or have their account completely taken over and are locked out.
:rolleyes:🙃😗
What’s described there is classic account-takeover via phishing and device linking, not “breaking” Signal/WhatsApp encryption.

Attackers don’t need to defeat crypto if they can trick a target into giving them a verification code, account PIN, or approving a new linked device/session. Once that happens, the attacker can read messages on their own device as the legitimate user, and sometimes lock the victim out.

How these takeovers commonly happen
  • Fake “support/security” messages that ask you to “verify” or “restore” your account
  • Requests for one-time SMS/voice codes, backup codes, or app registration codes
  • QR-code or “link this device” tricks that silently add an attacker-controlled device
  • Social engineering to convince a target that an unexpected login prompt is normal

Practical defenses for Signal
  • Enable Signal PIN and Registration Lock (prevents re-registration without the PIN).
  • Treat any message asking for a code/PIN as a phishing attempt; Signal support will not ask for your verification code.
  • Keep the OS and Signal updated, and use a strong device passcode + biometric lock.
  • If you suspect takeover: re-register your number in Signal, review your settings, and notify contacts to re-verify safety numbers for sensitive conversations.

Practical defenses for WhatsApp
  • Enable Two-step verification (a PIN that’s required when registering your number).
  • Regularly review Linked devices and remove anything you don’t recognize.
  • Never share registration codes or approve unexpected prompts.
  • If you suspect takeover: immediately re-register your number, sign out other devices, and reset/enable two-step verification.

If someone thinks they were targeted or compromised
  • Do not click the link or continue the conversation with the sender.
  • Change account recovery options where applicable and review linked devices/sessions.
  • Capture evidence (screenshots, sender details, links) without interacting further.
  • For US-based victims (especially government/journalists), consider reporting to the Internet Crime Complaint Center (IC3).

Key takeaway: this is a reminder that “secure messenger” accounts are still vulnerable to social engineering. Turning on registration/PIN protections and routinely checking linked devices blocks a lot of these real-world takeovers.
