Find notable cyber news and cases, enriched with sources, timelines, and signals.

FBI public warning on Signal and WhatsApp phishing

Public Sector Action
First reported
Last updated
Happening score
H score 30
4 unique sources, 7 articles

Summary

Hide ▲

The US Department of State is offering up to $10 million through the Rewards for Justice program for information that helps identify or locate UNC5792 and UNC4221, groups linked to Russia's intelligence and military services. The reward action targets a campaign that used Signal and WhatsApp phishing, including impersonation of Signal support and theft of Signal Backup Recovery Keys. The activity has compromised thousands of individual accounts and has been used against US and NATO government, diplomatic, defense, and intelligence officials and other sensitive targets.

Related Happenings

Russian intelligence Signal recovery-key phishing campaign

Campaign
H score29 First: 29.06.2026 11:15 Last: 29.06.2026 11:15 Sources 1

How related: “Russian Intelligence Services (RIS) cyber-threat actors continue to masquerade as automated CMA support accounts in updated phishing messages but have evolved their tactics to attempt to elicit victims' Backup Recovery Keys,” it said.

About this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...

Russian intelligence services fake support SMS messaging-account phishing campaign

Campaign
H score29 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

How related: The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S.

About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...

Signal Backup Recovery Key phishing mitigation

Advisory/Mitigation
H score25 First: 27.06.2026 01:06 Last: 27.06.2026 01:06 Sources 1

How related: The updated advisory reminds users that legitimate messaging application support teams only communicate through official company email addresses, never request verification codes within the application, and do not send links asking users to verify or restore their accounts.

About this happening: The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

Non-email threat-detection confidence gap across collaboration channels

Trend
H score25 First: 19.06.2026 12:00 Last: 19.06.2026 12:00 Sources 1

About this happening: A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...

Timeline

  1. 29.06.2026 12:29 2 articles · 10d ago

    US offers $10 million reward for UNC5792 and UNC4221 behind Signal and WhatsApp phishing

    Legal Policy Action Update

    The US government offered up to $10 million for information leading to the identification of UNC5792 and UNC4221, Russian intelligence-linked threat actors targeting Signal and WhatsApp users by posing as automated support accounts and stealing verification codes or Backup Recovery Keys; CISA and the FBI warned that sharing a Backup Recovery Key can let the actor access historical private and group messages and potentially keep access after a new account is created with the same phone number.

    Show sources
  2. 20.03.2026 22:45 6 articles · 3mo ago

    FBI warns of Russian intelligence-linked Signal and WhatsApp phishing

    Initial Disclosure

    FBI public service announcement warns that Russian intelligence-linked threat actors are targeting Signal and WhatsApp users with phishing messages that impersonate support accounts, trick victims into sharing verification codes or scanning malicious QR codes, and hijack accounts or linked devices without breaking end-to-end encryption; the activity has compromised thousands of accounts worldwide and focuses on people with access to sensitive information.

    Show sources