FBI public warning on Signal and WhatsApp phishing
Public Sector Action
Summary
Hide ▲
Show ▼
The US Department of State is offering up to $10 million through the Rewards for Justice program for information that helps identify or locate UNC5792 and UNC4221, groups linked to Russia's intelligence and military services. The reward action targets a campaign that used Signal and WhatsApp phishing, including impersonation of Signal support and theft of Signal Backup Recovery Keys. The activity has compromised thousands of individual accounts and has been used against US and NATO government, diplomatic, defense, and intelligence officials and other sensitive targets.
Related Happenings
Russian intelligence Signal recovery-key phishing campaign
Campaign
H score29
First: 29.06.2026 11:15
Last: 29.06.2026 11:15
Sources 1
How related:
“Russian Intelligence Services (RIS) cyber-threat actors continue to masquerade as automated CMA support accounts in updated phishing messages but have evolved their tactics to attempt to elicit victims' Backup Recovery Keys,” it said.
About this happening:
An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...
Russian intelligence Signal recovery-key phishing campaign
CampaignHow related: “Russian Intelligence Services (RIS) cyber-threat actors continue to masquerade as automated CMA support accounts in updated phishing messages but have evolved their tactics to attempt to elicit victims' Backup Recovery Keys,” it said.
About this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...
Russian intelligence services fake support SMS messaging-account phishing campaign
Campaign
H score29
First: 27.06.2026 20:27
Last: 27.06.2026 20:27
Sources 1
How related:
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S.
About this happening:
A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...
Russian intelligence services fake support SMS messaging-account phishing campaign
CampaignHow related: The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S.
About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...
Signal Backup Recovery Key phishing mitigation
Advisory/Mitigation
H score25
First: 27.06.2026 01:06
Last: 27.06.2026 01:06
Sources 1
How related:
The updated advisory reminds users that legitimate messaging application support teams only communicate through official company email addresses, never request verification codes within the application, and do not send links asking users to verify or restore their accounts.
About this happening:
The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
Signal Backup Recovery Key phishing mitigation
Advisory/MitigationHow related: The updated advisory reminds users that legitimate messaging application support teams only communicate through official company email addresses, never request verification codes within the application, and do not send links asking users to verify or restore their accounts.
About this happening: The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
WhatsApp VBScript phishing campaign targeting users in multiple countries
Campaign
H score43
First: 23.06.2026 01:42
Last: 23.06.2026 01:42
Sources 1
About this happening:
An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
WhatsApp VBScript phishing campaign targeting users in multiple countries
CampaignAbout this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
Non-email threat-detection confidence gap across collaboration channels
Trend
H score25
First: 19.06.2026 12:00
Last: 19.06.2026 12:00
Sources 1
About this happening:
A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...
Non-email threat-detection confidence gap across collaboration channels
TrendAbout this happening: A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...
Timeline
-
29.06.2026 12:29 2 articles · 10d ago
US offers $10 million reward for UNC5792 and UNC4221 behind Signal and WhatsApp phishing
Legal Policy Action UpdateThe US government offered up to $10 million for information leading to the identification of UNC5792 and UNC4221, Russian intelligence-linked threat actors targeting Signal and WhatsApp users by posing as automated support accounts and stealing verification codes or Backup Recovery Keys; CISA and the FBI warned that sharing a Backup Recovery Key can let the actor access historical private and group messages and potentially keep access after a new account is created with the same phone number.
Show sources
- US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve — www.securityweek.com — 29.06.2026 12:29
- U.S. offers $10 million for hackers targeting WhatsApp, Signal users — www.bleepingcomputer.com — 29.06.2026 18:09
-
20.03.2026 22:45 6 articles · 3mo ago
FBI warns of Russian intelligence-linked Signal and WhatsApp phishing
Initial DisclosureFBI public service announcement warns that Russian intelligence-linked threat actors are targeting Signal and WhatsApp users with phishing messages that impersonate support accounts, trick victims into sharing verification codes or scanning malicious QR codes, and hijack accounts or linked devices without breaking end-to-end encryption; the activity has compromised thousands of accounts worldwide and focuses on people with access to sensitive information.
Show sources
- FBI links Signal phishing attacks to Russian intelligence services — www.bleepingcomputer.com — 20.03.2026 22:45
- FBI links Signal phishing attacks to Russian intelligence services — www.bleepingcomputer.com — 20.03.2026 22:45
- FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys — thehackernews.com — 26.06.2026 22:38
- FBI: Russian hackers now target Signal backup recovery keys — www.bleepingcomputer.com — 27.06.2026 01:06
- Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials — thehackernews.com — 27.06.2026 20:27
- FBI Sounds Alarm Over Russian Intelligence Signal Phishing — www.infosecurity-magazine.com — 29.06.2026 11:15