
US offers $10 million bounty for Russian Signal and WhatsApp hackers

The US State Department is offering a $10 million reward for information on Russian state-backed hackers targeting Signal and WhatsApp users in a sophisticated cyber espionage campaign.

Daniel Evershaw (ML Engineer & Technical Writer), June 30, 2026

Last updated: June 30, 2026

Quick Answer

The US is offering a $10 million reward for information on two Russian state-sponsored hacking groups that have been targeting Signal and WhatsApp users since March 2026, aiming to compromise sensitive communications of government officials and journalists.

The United States government has placed a $10 million bounty on the heads of the individuals behind a sophisticated hacking spree that has been targeting users of encrypted messaging applications Signal and WhatsApp since at least March of this year. The operation, attributed to two Russian state-sponsored groups, represents a significant escalation in the ongoing cyber conflict between Moscow and Western interests, specifically aimed at compromising the communications of government officials, military personnel, and journalists.

  • The US State Department is offering a $10 million reward for information leading to the identification or location of key members of two Russian state-backed hacking groups.
  • The hacking campaign has been actively targeting users of Signal and WhatsApp since at least March 2026, focusing on high-value individuals.
  • The operation is attributed to two distinct Russian state-sponsored groups, indicating a coordinated and multi-pronged espionage effort.
  • The primary targets are likely government officials, military personnel, and journalists, aiming to intercept sensitive communications.
  • This reward highlights the escalating threat of state-sponsored cyber espionage against encrypted communication platforms.
  • The bounty underscores the US government’s determination to disrupt and dismantle hostile cyber operations.

How Do These Russian Hacking Groups Operate Against Encrypted Apps?

The two Russian state-sponsored groups, believed to be linked to the country’s intelligence services, are employing a combination of social engineering and technical exploits to breach the security of Signal and WhatsApp. Their primary method involves sending targeted phishing messages that appear to come from trusted contacts or official sources. These messages often contain malicious links or attachments that, when clicked, can install spyware on a victim’s device. Once installed, this malware can intercept messages before they are encrypted by the app, or it can capture the device’s screen and keystrokes, effectively bypassing end-to-end encryption. The groups are also known to exploit zero-day vulnerabilities in the operating systems of mobile devices to gain initial access.

For high-risk individuals, enabling disappearing messages and regularly checking the list of active sessions (linked devices) in Signal and WhatsApp can help limit the window of exposure if a device is compromised.

Why Are Encrypted Messaging Apps Like Signal and WhatsApp Primary Targets?

Encrypted messaging apps have become the de facto standard for secure communications among governments, militaries, and journalists worldwide. The promise of end-to-end encryption makes them attractive for sharing sensitive information. However, this very security makes them a high-value target for state-sponsored espionage. By compromising a single high-profile user’s device, a hostile intelligence agency can gain access to a trove of confidential conversations, strategic plans, and intelligence reports. The Russian groups are not trying to break the encryption itself; they are targeting the endpoints, the devices where messages are composed and read. This approach is far more practical and effective for mass surveillance than attempting to crack the underlying cryptographic algorithms.

| Aspect | Traditional Email | Encrypted Messaging (Signal/WhatsApp) | Impact of This Attack |
|---|---|---|---|
| Encryption | Often absent or weak | End-to-end by default | Attack bypasses encryption by targeting the device |
| Target Profile | General public | High-value individuals | Espionage yields high-value intelligence |
| Attack Vector | Phishing for credentials | Malware installation via social engineering | Compromises entire communication history |
| Detection Difficulty | Moderate | High, due to app’s security reputation | Victims may not know they are compromised |

What Are the Broader Implications for National Security?

The US government’s decision to offer a $10 million reward signals that this is not just a criminal matter but a direct threat to national security. The targeting of Signal and WhatsApp users by Russian state-sponsored groups suggests a systematic effort to undermine the secure communications of NATO allies, diplomatic corps, and defense contractors. This operation could lead to the compromise of military strategies, diplomatic negotiations, and intelligence-sharing networks. For instance, a compromised Signal account of a Ukrainian military official could reveal troop movements, while a compromised WhatsApp of a US diplomat could expose sensitive negotiation positions. According to the NeuralPress AI Statistics & Trends 2026 resource, the global cost of cybercrime is projected to reach $10.5 trillion annually by 2025, with state-sponsored attacks being the most costly and difficult to defend against.

Which Warning Signs Predict a Compromised Messaging Account?

Detecting a compromise is challenging, but there are several red flags that users, especially those in high-risk roles, should watch for:

  • Unexpected verification codes: Receiving a verification code for Signal or WhatsApp without requesting one could indicate someone is trying to register your number on another device.
  • Strange messages in your chat history: Messages you don’t remember sending, or replies to conversations you didn’t have, are a strong indicator of unauthorized access.
  • Battery draining faster than usual: Malware running in the background to capture data can significantly increase battery consumption.
  • Unusual account activity: Seeing active sessions from unfamiliar devices or locations in your app’s security settings.
  • Slow performance or random restarts: Spyware can consume system resources, leading to performance degradation.

Relying solely on app-level encryption is not enough. A compromised device with a keylogger or screen capture malware can expose all your encrypted communications without breaking a single cryptographic key.

Who Is Most at Risk From This Russian Espionage Campaign?

The primary targets are individuals with access to sensitive information that would be of value to Russian intelligence. This includes government officials, military personnel, intelligence analysts, journalists covering geopolitical conflicts, employees of defense contractors, and staff at non-governmental organizations operating in conflict zones. The campaign appears to be highly targeted, focusing on a select group of high-value individuals rather than casting a wide net. The attackers are likely conducting extensive reconnaissance to identify their targets and craft personalized phishing lures. The $10 million reward is aimed at incentivizing insiders or defectors who may have knowledge of the groups’ leadership, infrastructure, or funding.

The US Department of State’s offer of a $10 million reward through its Rewards for Justice program is a clear declaration that the United States is taking this threat seriously. It signals a shift from purely defensive cyber strategies to a more aggressive posture of hunting and disrupting threat actors. For individuals and organizations that rely on encrypted messaging for sensitive communications, this news serves as a stark reminder that security is a chain, and the weakest link is often the human at the endpoint. Vigilance, regular security audits, and a healthy skepticism toward unsolicited messages remain the best defenses against state-sponsored cyber espionage.

Source: Ars Technica

Frequently Asked Questions

What is the $10 million reward for?

The reward is for information leading to the identification or location of key members of two Russian state-sponsored hacking groups responsible for a campaign targeting Signal and WhatsApp users.

When did the hacking campaign start?

The campaign has been ongoing since at least March 2026, according to the US government.

Who are the likely targets of this hacking spree?

The primary targets are high-value individuals such as government officials, military personnel, and journalists, whose communications would be of strategic interest to Russian intelligence.

How are the hackers compromising encrypted apps like Signal?

The hackers use social engineering and malware to compromise the endpoint device, bypassing the app's encryption by capturing keystrokes, screenshots, or intercepting messages before they are encrypted.
